Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,344
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

292 advisories

Loading
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
aiohttp-session creates non-expiring sessions High
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue... Moderate Unreviewed
CVE-2024-11208 was published Nov 14, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Moderate Unreviewed
CVE-2024-46892 was published Nov 12, 2024
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old... Moderate Unreviewed
CVE-2024-29402 was published Apr 17, 2024
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration.... Moderate Unreviewed
CVE-2024-46040 was published Oct 7, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA... Moderate Unreviewed
CVE-2024-21722 was published Feb 29, 2024
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
Umbraco CMS logout page displayed before session expiration Moderate
CVE-2024-48926 was published for Umbraco.CMS (NuGet) Oct 22, 2024
TRexStark
Samly access control vulnerability Critical
CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
The logout operation in the CloudStack web interface does not expire the user session completely... Moderate Unreviewed
CVE-2024-45462 was published Oct 16, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and... High Unreviewed
CVE-2024-48827 was published Oct 11, 2024
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain... Moderate Unreviewed
CVE-2024-23586 was published Sep 28, 2024
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions Moderate
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1... Critical Unreviewed
CVE-2024-8888 was published Sep 18, 2024
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an... High Unreviewed
CVE-2019-5638 was published May 24, 2022
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which... Moderate Unreviewed
CVE-2024-38315 was published Sep 16, 2024
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database