GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
            36 advisories
Potential Session Hijacking
Low: GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) on Mar 12, 2021

Shopware has Insufficient Session Expiration in Administration
Low: CVE-2023-22732 was published for shopware/core (Composer) on Jan 20, 2023

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where...
Low (Unreviewed): CVE-2021-22136 was published on May 24, 2022

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session...
Low (Unreviewed): CVE-2021-27751 was published on May 7, 2022

SessionListener can prevent a session from being invalidated breaking logout
Low: CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) on Jun 23, 2021

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive...
Low (Unreviewed): CVE-2016-0234 was published on May 13, 2022

Insufficient Session Expiration in shopware
Low: CVE-2022-21652 was published for shopware/shopware (Composer) on Jan 6, 2022

Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging...
Low (Unreviewed): CVE-2022-22283 was published on Jan 11, 2022

Gitaly Insufficient Session Expiration vulnerability
Low: CVE-2020-13353 was published for gitaly (RubyGems) on May 24, 2022

An insufficient session expiration vulnerability exists in the ArubaOS command line interface....
Low (Unreviewed): CVE-2023-22771 was published on Mar 1, 2023

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user...
Low (Unreviewed): CVE-2023-22591 was published on Mar 15, 2023

HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low: CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) on Nov 10, 2022

Shopware user session is not logged out if the password is reset via password recovery
Low: CVE-2022-24744 was published for shopware/core (Composer) on Mar 10, 2022

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Low (Unreviewed): CVE-2023-4005 was published on Jul 31, 2023

Graylog user session is still usable after logout
Low: CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) on Jul 6, 2023

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as...
Low (Unreviewed): CVE-2024-0350 was published on Jan 10, 2024

A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic....
Low (Unreviewed): CVE-2024-0944 was published on Jan 26, 2024

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic....
Low (Unreviewed): CVE-2024-0943 was published on Jan 26, 2024

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The...
Low (Unreviewed): CVE-2020-6197 was published on May 24, 2022

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
Low (Unreviewed): CVE-2023-40732 was published on Sep 14, 2023

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as...
Low (Unreviewed): CVE-2024-0942 was published on Jan 26, 2024

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low: GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) on May 27, 2024

zenml-io/zenml does not expire the session after password reset
Low: CVE-2024-4680 was published for zenml (pip) on Jun 8, 2024

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and...
Low (Unreviewed): CVE-2022-45862 was published on Aug 13, 2024

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which...
Low (Unreviewed): CVE-2024-7998 was published on Aug 21, 2024

ProTip! Advisories are also available from the GraphQL API