GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Mage AI incorrectly gives privileges to users with deleted accounts
Moderate
CVE-2024-45187
was published
for
mage-ai
(pip)
Aug 23, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low
CVE-2024-42447
was published
for
apache-airflow-providers-fab
(pip)
Aug 5, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
Insufficient Session Expiration in pretix
High
CVE-2023-27891
was published
for
pretix
(pip)
Mar 7, 2023
vantage6 refresh tokens do not expire
High
CVE-2023-23929
was published
for
vantage6
(pip)
Feb 28, 2023
Pyload Insufficient Session Expiration vulnerability
Moderate
CVE-2023-0227
was published
for
pyload-ng
(pip)
Jan 12, 2023
rdiffweb vulnerable to Insufficient Session Expiration
High
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
OctoPrint vulnerable to Insufficient Session Expiration.
Moderate
CVE-2022-2888
was published
for
OctoPrint
(pip)
Sep 22, 2022
SaltStack Salt eauth tokens can be used once after expiration
Critical
CVE-2021-3144
was published
for
salt
(pip)
May 24, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High
CVE-2014-5252
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked
High
CVE-2014-5253
was published
for
keystone
(pip)
May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High
CVE-2014-5251
was published
for
keystone
(pip)
May 17, 2022
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Moderate
CVE-2021-41247
was published
for
jupyterhub
(pip)
Nov 8, 2021
Insufficient Session Expiration in OpenStack Keystone
High
CVE-2020-12690
was published
for
keystone
(pip)
Jun 9, 2021
aiohttp-session creates non-expiring sessions
High
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
ProTip!
Advisories are also available from the
GraphQL API