Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout... High Unreviewed
CVE-2025-11699 was published Dec 1, 2025
Flowise Fails to Invalidate Existing Sessions After Password Changes High
GHSA-x7rp-qj2h-ghgw was published for flowise (npm) Nov 14, 2025
mbiesiad
Credited to mbiesiad
The equipment grants a JWT token for each connection in the timeline, but during an active valid... High Unreviewed
CVE-2025-64386 was published Oct 31, 2025
Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring... High Unreviewed
CVE-2025-34269 was published Oct 31, 2025
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization... High Unreviewed
CVE-2024-33507 was published Oct 14, 2025
Coder vulnerable to privilege escalation could lead to a cross workspace compromise High
CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025
johnstcn
Credited to johnstcn
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car... High Unreviewed
CVE-2025-50486 was published Jul 28, 2025
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online... High Unreviewed
CVE-2025-50485 was published Jul 28, 2025
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood... High Unreviewed
CVE-2025-50487 was published Jul 28, 2025
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM... High Unreviewed
CVE-2025-50484 was published Jul 28, 2025
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank... High Unreviewed
CVE-2025-50491 was published Jul 28, 2025
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online... High Unreviewed
CVE-2025-50488 was published Jul 28, 2025
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain... High Unreviewed
CVE-2025-31952 was published Jul 24, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Credited to maen08 and hacdias
MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an... High Unreviewed
CVE-2025-49152 was published Jun 26, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3),... High Unreviewed
CVE-2025-40566 was published May 13, 2025
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
Credited to cfx, livio-a, and fforootd
ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is... High Unreviewed
CVE-2025-2185 was published Apr 25, 2025
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a... High Unreviewed
CVE-2021-47663 was published Apr 24, 2025
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to... High Unreviewed
CVE-2025-28059 was published Apr 18, 2025
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under... High Unreviewed
CVE-2025-1968 was published Apr 9, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 ... High Unreviewed
CVE-2024-45386 was published Feb 11, 2025
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity... High Unreviewed
CVE-2025-22386 was published Jan 4, 2025
TShock Security Escalation Exploit High
GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
sgkoishi THEXN
Credited to sgkoishi and THEXN
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database