Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

89 advisories

Loading
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. Moderate Unreviewed
CVE-2023-5838 was published Oct 29, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate... Moderate Unreviewed
CVE-2023-37504 was published Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive... Moderate Unreviewed
CVE-2021-20581 was published Oct 17, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,... Moderate Unreviewed
CVE-2023-2788 was published Jun 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4914 was published May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-38707 was published May 5, 2023
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be... Moderate Unreviewed
CVE-2022-37186 was published Apr 16, 2023
This disclosure regards a vulnerability related to UAA refresh tokens and external identity... Moderate Unreviewed
CVE-2023-20903 was published Mar 28, 2023
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a... Moderate Unreviewed
CVE-2021-3844 was published Mar 24, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-34392 was published Feb 11, 2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session... Moderate Unreviewed
CVE-2022-22371 was published Jan 5, 2023
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through... Moderate Unreviewed
CVE-2022-40228 was published Nov 22, 2022
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout... Moderate Unreviewed
CVE-2022-40230 was published Nov 4, 2022
devhub 0.102.0 was discovered to contain a broken session control. Moderate Unreviewed
CVE-2022-41542 was published Oct 17, 2022
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow... Moderate Unreviewed
CVE-2022-41291 was published Oct 7, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed
CVE-2022-2783 was published Oct 6, 2022
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has... Moderate Unreviewed
CVE-2019-5641 was published Sep 22, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed
CVE-2022-34624 was published Aug 20, 2022
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30698 was published Aug 2, 2022
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30699 was published Aug 2, 2022
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-30277 was published Jun 3, 2022
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2021-29868 was published May 24, 2022
The vulnerability can be described as a failure to invalidate user session upon password change.... Moderate Unreviewed
CVE-2021-35214 was published May 24, 2022
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session... Moderate Unreviewed
CVE-2021-20473 was published May 24, 2022
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may... Moderate Unreviewed
CVE-2020-29012 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database