Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,851
Erlang
36
GitHub Actions
35
Go
2,481
Maven
5,000+
npm
4,098
NuGet
734
pip
3,914
Pub
12
RubyGems
945
Rust
1,016
Swift
39
Unreviewed advisories
All unreviewed
5,000+

116 advisories

Loading
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car... High Unreviewed
CVE-2025-50486 was published Jul 28, 2025
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online... High Unreviewed
CVE-2025-50485 was published Jul 28, 2025
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood... High Unreviewed
CVE-2025-50487 was published Jul 28, 2025
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM... High Unreviewed
CVE-2025-50484 was published Jul 28, 2025
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank... High Unreviewed
CVE-2025-50491 was published Jul 28, 2025
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online... High Unreviewed
CVE-2025-50488 was published Jul 28, 2025
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain... High Unreviewed
CVE-2025-31952 was published Jul 24, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an... High Unreviewed
CVE-2025-49152 was published Jun 26, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3),... High Unreviewed
CVE-2025-40566 was published May 13, 2025
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is... High Unreviewed
CVE-2025-2185 was published Apr 25, 2025
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a... High Unreviewed
CVE-2021-47663 was published Apr 24, 2025
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to... High Unreviewed
CVE-2025-28059 was published Apr 18, 2025
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under... High Unreviewed
CVE-2025-1968 was published Apr 9, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 ... High Unreviewed
CVE-2024-45386 was published Feb 11, 2025
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity... High Unreviewed
CVE-2025-22386 was published Jan 4, 2025
TShock Security Escalation Exploit High
GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
sgkoishi THEXN
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and... High Unreviewed
CVE-2024-48827 was published Oct 11, 2024
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
The Central Manager user session refresh token does not expire when a user logs out.  Note:... High Unreviewed
CVE-2024-39809 was published Aug 14, 2024
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed
CVE-2024-41827 was published Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed
CVE-2024-27782 was published Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed
CVE-2024-36041 was published Jul 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database