GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
89 advisories
Filter by severity
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue...
Moderate
Unreviewed
CVE-2024-11208
was published
Nov 14, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected...
Moderate
Unreviewed
CVE-2024-46892
was published
Nov 12, 2024
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old...
Moderate
Unreviewed
CVE-2024-29402
was published
Apr 17, 2024
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration....
Moderate
Unreviewed
CVE-2024-46040
was published
Oct 7, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA...
Moderate
Unreviewed
CVE-2024-21722
was published
Feb 29, 2024
The logout operation in the CloudStack web interface does not expire the user session completely...
Moderate
Unreviewed
CVE-2024-45462
was published
Oct 16, 2024
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain...
Moderate
Unreviewed
CVE-2024-23586
was published
Sep 28, 2024
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which...
Moderate
Unreviewed
CVE-2024-38315
was published
Sep 16, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-32006
was published
Sep 10, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in...
Moderate
Unreviewed
CVE-2024-36523
was published
Jun 12, 2024
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers...
Moderate
Unreviewed
CVE-2024-22543
was published
Feb 27, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10...
Moderate
Unreviewed
CVE-2022-38382
was published
Aug 13, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-26288
was published
Jul 30, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses...
Moderate
Unreviewed
CVE-2022-32759
was published
Jul 25, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user...
Moderate
Unreviewed
CVE-2024-35048
was published
May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2023-40695
was published
May 3, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3...
Moderate
Unreviewed
CVE-2024-22358
was published
Apr 12, 2024
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive...
Moderate
Unreviewed
CVE-2021-20581
was published
Oct 17, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate...
Moderate
Unreviewed
CVE-2023-37504
was published
Oct 19, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,...
Moderate
Unreviewed
CVE-2023-2788
was published
Jun 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4914
was published
May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2022-38707
was published
May 5, 2023
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be...
Moderate
Unreviewed
CVE-2022-37186
was published
Apr 16, 2023
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be...
Moderate
Unreviewed
CVE-2020-6178
was published
May 24, 2022
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache...
Moderate
Unreviewed
CVE-2019-14826
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API