GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
91 advisories
Filter by severity
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Moderate
Unreviewed
CVE-2023-5889
was published
Nov 1, 2023
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to...
Moderate
Unreviewed
CVE-2023-39695
was published
Nov 1, 2023
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
Moderate
Unreviewed
CVE-2023-5838
was published
Oct 29, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate...
Moderate
Unreviewed
CVE-2023-37504
was published
Oct 19, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive...
Moderate
Unreviewed
CVE-2021-20581
was published
Oct 17, 2023
Mattermost fails to check if an admin user account active after an oauth2 flow is started,...
Moderate
Unreviewed
CVE-2023-2788
was published
Jun 16, 2023
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4914
was published
May 5, 2023
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2022-38707
was published
May 5, 2023
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be...
Moderate
Unreviewed
CVE-2022-37186
was published
Apr 16, 2023
This disclosure regards a vulnerability related to UAA refresh tokens and external identity...
Moderate
Unreviewed
CVE-2023-20903
was published
Mar 28, 2023
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a...
Moderate
Unreviewed
CVE-2021-3844
was published
Mar 24, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration...
Moderate
Unreviewed
CVE-2022-34392
was published
Feb 11, 2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session...
Moderate
Unreviewed
CVE-2022-22371
was published
Jan 5, 2023
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through...
Moderate
Unreviewed
CVE-2022-40228
was published
Nov 22, 2022
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout...
Moderate
Unreviewed
CVE-2022-40230
was published
Nov 4, 2022
devhub 0.102.0 was discovered to contain a broken session control.
Moderate
Unreviewed
CVE-2022-41542
was published
Oct 17, 2022
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow...
Moderate
Unreviewed
CVE-2022-41291
was published
Oct 7, 2022
In affected versions of Octopus Server it was identified that a session cookie could be used as...
Moderate
Unreviewed
CVE-2022-2783
was published
Oct 6, 2022
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has...
Moderate
Unreviewed
CVE-2019-5641
was published
Sep 22, 2022
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to...
Moderate
Unreviewed
CVE-2022-34624
was published
Aug 20, 2022
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ...
Moderate
Unreviewed
CVE-2022-30699
was published
Aug 2, 2022
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ...
Moderate
Unreviewed
CVE-2022-30698
was published
Aug 2, 2022
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration...
Moderate
Unreviewed
CVE-2022-30277
was published
Jun 3, 2022
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to...
Moderate
Unreviewed
CVE-2021-29868
was published
May 24, 2022
The vulnerability can be described as a failure to invalidate user session upon password change....
Moderate
Unreviewed
CVE-2021-35214
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API