GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
            21 advisories
Advisory | Severity | CVE | Package (ecosystem) | Published
Keycloak does not invalidate offline sessions when the offline_access scope is removed | Moderate | CVE-2025-12110 | org.keycloak:keycloak-services (Maven) | Oct 23, 2025
Keycloak does not invalidate sessions when "Remember Me" is disabled | Moderate | CVE-2025-11429 | org.keycloak:keycloak-services (Maven) | Oct 23, 2025
Liferay Portal and DXP does not properly expire sessions | Moderate | CVE-2025-43819 | com.liferay:com.liferay.saml.impl (Maven) | Sep 24, 2025
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin | High | CVE-2024-52553 | org.jenkins-ci.plugins:oic-auth (Maven) | Nov 13, 2024
Keycloak vulnerable to session hijacking via re-authentication | Moderate | CVE-2023-6787 | org.keycloak:keycloak-services (Maven) | Apr 17, 2024
Session Fixation Apache DolphinScheduler | Moderate | CVE-2023-50270 | org.apache.dolphinscheduler:dolphinscheduler (Maven) | Feb 20, 2024
Apache InLong Insufficient Session Expiration vulnerability | Critical | CVE-2023-31065 | org.apache.inlong:manager-dao (Maven) | Jul 6, 2023
Graylog user session is still usable after logout | Low | CVE-2023-41041 | org.graylog2:graylog2-server (Maven) | Jul 6, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability | High | CVE-2023-33005 | org.jenkins-ci.plugins:wso2id-oauth (Maven) | May 16, 2023
Insufficient Session Expiration in Jenkins Azure AD Plugin | High | CVE-2023-24426 | org.jenkins-ci.plugins:azure-ad (Maven) | Jan 26, 2023
Keycloak vulnerable to session takeover with OIDC offline refresh tokens | Moderate | CVE-2022-3916 | org.keycloak:keycloak-parent (Maven) | Dec 13, 2022
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use | High | CVE-2021-33322 | com.liferay.portal:com.liferay.portal.impl (Maven) | May 24, 2022
Keycloak Insufficient Session Expiry | Moderate | CVE-2020-1724 | org.keycloak:keycloak-core (Maven) | May 24, 2022
Keycloak CSRF Vulnerability | High | CVE-2017-12159 | org.keycloak:keycloak-parent (Maven) | May 13, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability | Critical | CVE-2015-5171 | org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) | May 13, 2022
Insufficient Session Expiration in Jenkins | High | CVE-2019-1003049 | org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Keycloak insufficient session expiration | High | CVE-2021-3461 | org.keycloak:keycloak-parent (Maven) | Apr 3, 2022
Insufficient Session Expiration in Apache NiFi Registry | Moderate | CVE-2020-9482 | org.apache.nifi.registry:nifi-registry-web-api (Maven) | Feb 9, 2022
SessionListener can prevent a session from being invalidated breaking logout | Low | CVE-2021-34428 | org.eclipse.jetty:jetty-server (Maven) | Jun 23, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | Moderate | CVE-2021-31408 | com.vaadin:vaadin-bom (Maven) | Apr 22, 2021
Apache NiFi user log out issue | High | CVE-2019-12421 | org.apache.nifi:nifi-web-api (Maven) | Dec 2, 2019