GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Insufficient Session Expiration in Pterodactyl API
Moderate
GHSA-7v3x-h7r2-34jv
was published
for
pterodactyl/panel
(Composer)
Jan 21, 2022
SimpleSAMLphp Invalid token creation and validation
Moderate
CVE-2017-12867
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 13, 2022
Symfony DoS
Moderate
CVE-2018-11386
was published
for
symfony/http-foundation
(Composer)
May 14, 2022
Microweber Insufficient Session Expiry
Moderate
CVE-2020-23136
was published
for
microweber/microweber
(Composer)
May 24, 2022
Magento Insufficient Session Expiration
Moderate
CVE-2021-21032
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Insufficient Session Expiration
Moderate
CVE-2021-21031
was published
for
magento/community-edition
(Composer)
May 24, 2022
Insufficient Session Expiration in TYPO3's Admin Tool
Moderate
CVE-2022-31050
was published
for
typo3/cms
(Composer)
Jun 17, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Moderate
CVE-2022-23502
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Firefly III insufficiently expires sessions
Moderate
CVE-2023-1788
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 5, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Admidio Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4190
was published
for
admidio/admidio
(Composer)
Aug 6, 2023
Shopware Improper Session Handling in store-api account logout
Moderate
CVE-2024-31447
was published
for
shopware/core
(Composer)
Apr 8, 2024
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API