GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
283 advisories
Filter by severity
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate
CVE-2022-24732
was published
for
github.com/foxcpp/maddy
(Go)
Mar 7, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2021-38986
was published
Mar 2, 2022
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Moderate
Unreviewed
CVE-2022-24332
was published
Feb 26, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't...
High
Unreviewed
CVE-2022-24341
was published
Feb 26, 2022
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the...
Critical
Unreviewed
CVE-2021-25992
was published
Feb 11, 2022
Insufficient Session Expiration in Apache NiFi Registry
Moderate
CVE-2020-9482
was published
for
org.apache.nifi.registry:nifi-registry-web-api
(Maven)
Feb 9, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to...
Critical
Unreviewed
CVE-2021-22820
was published
Jan 29, 2022
Insufficient Session Expiration in Pterodactyl API
Moderate
GHSA-7v3x-h7r2-34jv
was published
for
pterodactyl/panel
(Composer)
Jan 21, 2022
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side...
High
Unreviewed
CVE-2021-37866
was published
Jan 19, 2022
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session...
High
Unreviewed
CVE-2022-22113
was published
Jan 14, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as...
Critical
Unreviewed
CVE-2022-22122
was published
Jan 14, 2022
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging...
Low
Unreviewed
CVE-2022-22283
was published
Jan 11, 2022
Insufficient Session Expiration in shopware
Low
CVE-2022-21652
was published
for
shopware/shopware
(Composer)
Jan 6, 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through...
Critical
Unreviewed
CVE-2021-25981
was published
Jan 4, 2022
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware...
Critical
Unreviewed
CVE-2021-35034
was published
Dec 30, 2021
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8...
High
Unreviewed
CVE-2021-45885
was published
Dec 30, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper...
Critical
Unreviewed
CVE-2020-27416
was published
Dec 9, 2021
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42545
was published
Dec 1, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration...
Critical
Unreviewed
CVE-2021-36330
was published
Dec 1, 2021
Apostrophe CMS Insufficient Session Expiration vulnerability
Critical
CVE-2021-25979
was published
for
apostrophe
(npm)
Nov 10, 2021
Insufficient Session Expiration in @cyyynthia/tokenize
High
GHSA-jcjx-c3j3-44pr
was published
for
@cyyynthia/tokenize
(npm)
Nov 10, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Moderate
CVE-2021-41247
was published
for
jupyterhub
(pip)
Nov 8, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
SessionListener can prevent a session from being invalidated breaking logout
Low
CVE-2021-34428
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jun 23, 2021
Insufficient Session Expiration in OpenStack Keystone
High
CVE-2020-12690
was published
for
keystone
(pip)
Jun 9, 2021
ProTip!
Advisories are also available from the
GraphQL API