GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
88 advisories
Insufficient Session Expiration in TYPO3's Admin Tool
Severity: Moderate. CVE-2022-31050 was published for typo3/cms (Composer) on Jun 17, 2022.

Insufficient Session Expiration in NocoDB
Severity: High. CVE-2022-2064 was published for nocodb (npm) on Jun 14, 2022.

Camaleon CMS Insufficient Session Expiration vulnerability
Severity: High. CVE-2021-25970 was published for camaleon_cms (RubyGems) on May 24, 2022.

Token leases could outlive their TTL in HashiCorp Vault
Severity: Critical. CVE-2020-25816 was published for github.com/hashicorp/vault (Go) on May 24, 2022.

SaltStack Salt eauth tokens can be used once after expiration
Severity: Critical. CVE-2021-3144 was published for salt (pip) on May 24, 2022.

Magento Insufficient Session Expiration
Severity: Moderate. CVE-2021-21031 was published for magento/community-edition (Composer) on May 24, 2022.

Magento Insufficient Session Expiration
Severity: Moderate. CVE-2021-21032 was published for magento/community-edition (Composer) on May 24, 2022.

Gitaly Insufficient Session Expiration vulnerability
Severity: Low. CVE-2020-13353 was published for gitaly (RubyGems) on May 24, 2022.

Microweber Insufficient Session Expiry
Severity: Moderate. CVE-2020-23136 was published for microweber/microweber (Composer) on May 24, 2022.

Keycloak Insufficient Session Expiry
Severity: Moderate. CVE-2020-1724 was published for org.keycloak:keycloak-core (Maven) on May 24, 2022.

Symfony DoS
Severity: Moderate. CVE-2018-11386 was published for symfony/http-foundation (Composer) on May 14, 2022.

SimpleSAMLphp Invalid token creation and validation
Severity: Moderate. CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) on May 13, 2022.

Keycloak CSRF Vulnerability
Severity: High. CVE-2017-12159 was published for org.keycloak:keycloak-parent (Maven) on May 13, 2022.

Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Severity: Critical. CVE-2015-5171 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) on May 13, 2022.

Insufficient Session Expiration in Jenkins
Severity: High. CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022.

Keycloak insufficient session expiration
Severity: High. CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) on Apr 3, 2022.

Old sessions not blocked by login enable function in Snipe-IT
Severity: High. CVE-2022-1155 was published for snipe/snipe-it (Composer) on Mar 31, 2022.

Insufficient Session Expiration in Admidio
Severity: High. CVE-2022-0991 was published for admidio/admidio (Composer) on Mar 20, 2022.

Insufficient Session Expiration in Sylius
Severity: High. CVE-2022-24743 was published for sylius/sylius (Composer) on Mar 14, 2022.

Shopware user session is not logged out if the password is reset via password recovery
Severity: Low. CVE-2022-24744 was published for shopware/core (Composer) on Mar 10, 2022.

Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Severity: Moderate. CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) on Mar 7, 2022.

Insufficient Session Expiration in Apache NiFi Registry
Severity: Moderate. CVE-2020-9482 was published for org.apache.nifi.registry:nifi-registry-web-api (Maven) on Feb 9, 2022.

Insufficient Session Expiration in Pterodactyl API
Severity: Moderate. GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) on Jan 21, 2022.

Insufficient Session Expiration in shopware
Severity: Low. CVE-2022-21652 was published for shopware/shopware (Composer) on Jan 6, 2022.

Apostrophe CMS Insufficient Session Expiration vulnerability
Severity: Critical. CVE-2021-25979 was published for apostrophe (npm) on Nov 10, 2021.