Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
The logout operation in the CloudStack web interface does not expire the user session completely... Moderate Unreviewed
CVE-2024-45462 was published Oct 16, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and... High Unreviewed
CVE-2024-48827 was published Oct 11, 2024
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain... Moderate Unreviewed
CVE-2024-23586 was published Sep 28, 2024
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions Moderate
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1... Critical Unreviewed
CVE-2024-8888 was published Sep 18, 2024
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an... High Unreviewed
CVE-2019-5638 was published May 24, 2022
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which... Moderate Unreviewed
CVE-2024-38315 was published Sep 16, 2024
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-32006 was published Sep 10, 2024
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to... High Unreviewed
CVE-2023-51772 was published Dec 25, 2023
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in... Moderate Unreviewed
CVE-2024-36523 was published Jun 12, 2024
aiohttp-session creates non-expiring sessions Moderate
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
Prag1974
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers... Moderate Unreviewed
CVE-2024-22543 was published Feb 27, 2024
The Central Manager user session refresh token does not expire when a user logs out.  Note:... High Unreviewed
CVE-2024-39809 was published Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and... Low Unreviewed
CVE-2022-45862 was published Aug 13, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10... Moderate Unreviewed
CVE-2022-38382 was published Aug 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the... Critical Unreviewed
CVE-2024-29401 was published Mar 26, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Moderate
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in... Critical Unreviewed
CVE-2024-29070 was published Jul 23, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database