Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability Low
CVE-2024-45033 was published for apache-airflow-providers-fab (pip) Jan 8, 2025
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
Mattermost Mobile Apps versions <=2.25.0  fail to terminate sessions during logout under certain... Low Unreviewed
CVE-2025-30516 was published Apr 14, 2025
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not... Low Unreviewed
CVE-2025-0138 was published May 14, 2025
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive... Low Unreviewed
CVE-2023-45718 was published Feb 10, 2024
ash_authentication_phoenix has Insufficient Session Expiration Low
CVE-2025-4754 was published for ash_authentication_phoenix (Erlang) Jun 17, 2025
jimsynz zachdaniel
mbuhot maennchen
Credited to jimsynz, zachdaniel, mbuhot, and maennchen
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Low Unreviewed
CVE-2024-41985 was published Aug 12, 2025
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and... Low Unreviewed
CVE-2025-2596 was published Mar 26, 2025
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
nijel
Credited to nijel
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher adamsachs
daveqnet
Credited to thabofletcher, adamsachs, and daveqnet
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An... Low Unreviewed
CVE-2025-35433 was published Sep 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database