GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,345
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
SimpleSAMLphp Invalid token creation and validation
Moderate
CVE-2017-12867
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 13, 2022
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Shopware Improper Session Handling in store-api account logout
Moderate
CVE-2024-31447
was published
for
shopware/core
(Composer)
Apr 8, 2024
Symfony DoS
Moderate
CVE-2018-11386
was published
for
symfony/http-foundation
(Composer)
May 14, 2022
Magento Insufficient Session Expiration
Moderate
CVE-2021-21031
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Insufficient Session Expiration
Moderate
CVE-2021-21032
was published
for
magento/community-edition
(Composer)
May 24, 2022
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Admidio Insufficient Session Expiration vulnerability
Moderate
CVE-2023-4190
was published
for
admidio/admidio
(Composer)
Aug 6, 2023
Insufficient Session Expiration in thorsten/phpmyfaq
High
CVE-2023-5865
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
Insufficient Session Expiration after a password change
High
CVE-2023-38489
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
October CMS Session ID not invalidated after logout
Critical
CVE-2021-3311
was published
for
october/rain
(Composer)
Feb 10, 2021
Microweber Insufficient Session Expiry
Moderate
CVE-2020-23136
was published
for
microweber/microweber
(Composer)
May 24, 2022
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Shopware user session is not logged out if the password is reset via password recovery
Low
CVE-2022-24744
was published
for
shopware/core
(Composer)
Mar 10, 2022
Firefly III insufficiently expires sessions
Moderate
CVE-2023-1788
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 5, 2023
TYPO3 vulnerable to Insufficient Session Expiration
Critical
CVE-2022-47406
was published
for
derhansen/fe_change_pwd
(Composer)
Dec 14, 2022
Insufficient Session Expiration in shopware
Low
CVE-2022-21652
was published
for
shopware/shopware
(Composer)
Jan 6, 2022
Insufficient Session Expiration in librenms/librenms
Critical
CVE-2022-4070
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Critical
CVE-2022-2713
was published
for
aheinze/cockpit
(Composer)
Aug 9, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Moderate
CVE-2022-23502
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Insufficient Session Expiration in TYPO3's Admin Tool
Moderate
CVE-2022-31050
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Old sessions not blocked by login enable function in Snipe-IT
High
CVE-2022-1155
was published
for
snipe/snipe-it
(Composer)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API