GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
200 advisories
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in...
High | Unreviewed | CVE-2021-35342 was published May 24, 2022

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3...
High | Unreviewed | CVE-2021-33982 was published May 24, 2022

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may...
Moderate | Unreviewed | CVE-2020-29012 was published May 24, 2022

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an...
Critical | Unreviewed | CVE-2021-38823 was published May 24, 2022

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at...
Critical | Unreviewed | CVE-2021-37333 was published May 24, 2022

An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and...
Critical | Unreviewed | CVE-2021-24019 was published May 24, 2022

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session...
Moderate | Unreviewed | CVE-2021-20473 was published May 24, 2022

The vulnerability can be described as a failure to invalidate user session upon password change....
Moderate | Unreviewed | CVE-2021-35214 was published May 24, 2022

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to...
Moderate | Unreviewed | CVE-2021-29868 was published May 24, 2022

In affected versions of Octopus Server it is possible for a session token to be valid...
Critical | Unreviewed | CVE-2022-2782 was published Oct 27, 2022

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web...
Critical | Unreviewed | CVE-2021-40849 was published May 24, 2022

A vulnerability in the web-based management interface of multiple Cisco Small Business Series...
High | Unreviewed | CVE-2021-34739 was published May 24, 2022

In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s...
Critical | Unreviewed | CVE-2021-25985 was published May 24, 2022

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration....
High | Unreviewed | CVE-2021-25940 was published May 24, 2022

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack...
High | Unreviewed | CVE-2021-33322 was published May 24, 2022

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could...
Moderate | Unreviewed | CVE-2020-4696 was published May 24, 2022

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an...
High | Unreviewed | CVE-2021-25966 was published May 24, 2022

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow...
Moderate | Unreviewed | CVE-2022-41291 was published Oct 7, 2022

devhub 0.102.0 was discovered to contain a broken session control.
Moderate | Unreviewed | CVE-2022-41542 was published Oct 17, 2022

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High | Unreviewed | CVE-2022-23063 was published May 4, 2022

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session...
Low | Unreviewed | CVE-2021-27751 was published May 7, 2022

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Critical | Unreviewed | CVE-2022-24042 was published May 11, 2022

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key...
Moderate | Unreviewed | CVE-2014-3616 was published May 13, 2022

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish...
Moderate | Unreviewed | CVE-2019-0015 was published May 13, 2022

On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not...
High | Unreviewed | CVE-2018-10990 was published May 13, 2022