GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
304 advisories
Filter by severity
Potential Session Hijacking
Low
GHSA-h9q8-5gv2-v6mg
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Insufficient Session Expiration in @cyyynthia/tokenize
High
GHSA-jcjx-c3j3-44pr
was published
for
@cyyynthia/tokenize
(npm)
Nov 10, 2021
Insufficient Session Expiration in Pterodactyl API
Moderate
GHSA-7v3x-h7r2-34jv
was published
for
pterodactyl/panel
(Composer)
Jan 21, 2022
Shopware has Insufficient Session Expiration in Administration
Low
CVE-2023-22732
was published
for
shopware/core
(Composer)
Jan 20, 2023
Zitadel RefreshToken invalidation vulnerability
Moderate
CVE-2023-22492
was published
for
github.com/zitadel/zitadel
(Go)
Jan 11, 2023
Insufficient Session Expiration in Sylius
High
CVE-2022-24743
was published
for
sylius/sylius
(Composer)
Mar 14, 2022
Insufficient Session Expiration in Admidio
High
CVE-2022-0991
was published
for
admidio/admidio
(Composer)
Mar 20, 2022
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing...
Moderate
Unreviewed
CVE-2022-25590
was published
Mar 26, 2022
Old sessions not blocked by login enable function in Snipe-IT
High
CVE-2022-1155
was published
for
snipe/snipe-it
(Composer)
Mar 31, 2022
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each...
High
Unreviewed
CVE-2009-20001
was published
Apr 21, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
High
Unreviewed
CVE-2021-1501
was published
May 24, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom...
Critical
Unreviewed
CVE-2021-46279
was published
Oct 24, 2022
Insufficient Session Expiration in Jenkins
High
CVE-2019-1003049
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Invalid session token expiration
High
CVE-2021-32923
was published
for
github.com/hashicorp/vault
(Go)
Jun 8, 2021
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration...
Moderate
Unreviewed
CVE-2022-30277
was published
Jun 3, 2022
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access...
High
Unreviewed
CVE-2022-43844
was published
Jan 5, 2023
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High
Unreviewed
CVE-2017-6529
was published
May 17, 2022
Insufficient Session Expiration in NocoDB
High
CVE-2022-2064
was published
for
nocodb
(npm)
Jun 14, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series...
High
Unreviewed
CVE-2021-1542
was published
May 24, 2022
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The...
High
Unreviewed
CVE-2022-2076
was published
Jun 15, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22317
was published
Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout...
Critical
Unreviewed
CVE-2022-22318
was published
Jun 21, 2022
Insufficient Session Expiration in TYPO3's Admin Tool
Moderate
CVE-2022-31050
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Insufficient Session Expiration in Nakama
High
CVE-2022-2306
was published
for
github.com/heroiclabs/nakama
(Go)
Jul 6, 2022
ProTip!
Advisories are also available from the
GraphQL API