Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

152 advisories

Loading
The MFA management features did not properly terminate existing user sessions when a user's MFA... Moderate Unreviewed
CVE-2024-21722 was published Feb 29, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed
CVE-2023-45600 was published Mar 5, 2024
Improper session management in the identity provider authentication flow in Devolutions Server... Moderate Unreviewed
CVE-2024-1900 was published Mar 6, 2024
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an... Moderate Unreviewed
CVE-2024-20301 was published Mar 6, 2024
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
mdanilowicz
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old... Moderate Unreviewed
CVE-2024-29402 was published Apr 17, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user... Moderate Unreviewed
CVE-2024-35048 was published May 14, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in... Moderate Unreviewed
CVE-2024-36523 was published Jun 12, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses... Moderate Unreviewed
CVE-2022-32759 was published Jul 25, 2024
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-26288 was published Jul 30, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10... Moderate Unreviewed
CVE-2022-38382 was published Aug 13, 2024
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-32006 was published Sep 10, 2024
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which... Moderate Unreviewed
CVE-2024-38315 was published Sep 16, 2024
HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain... Moderate Unreviewed
CVE-2024-23586 was published Sep 28, 2024
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration.... Moderate Unreviewed
CVE-2024-46040 was published Oct 7, 2024
The logout operation in the CloudStack web interface does not expire the user session completely... Moderate Unreviewed
CVE-2024-45462 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database