GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
359 advisories
Rack session gets restored after deletion
Moderate | CVE-2025-46336 was published for rack-session (RubyGems) | May 8, 2025

Rack session gets restored after deletion
Moderate | CVE-2025-32441 was published for rack (RubyGems) | May 8, 2025

ZITADEL Allows IdP Intent Token Reuse
High | CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) | May 6, 2025

Auth0 NextJS SDK v4 Missing Session Invalidation
Moderate | CVE-2025-46344 was published for @auth0/nextjs-auth0 (npm) | Apr 29, 2025

ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is...
High | Unreviewed | CVE-2025-2185 was published | Apr 25, 2025

Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a...
High | Unreviewed | CVE-2021-47663 was published | Apr 24, 2025

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow...
Moderate | Unreviewed | CVE-2024-22351 was published | Apr 24, 2025

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to...
High | Unreviewed | CVE-2025-28059 was published | Apr 18, 2025

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session...
Moderate | Unreviewed | CVE-2024-45651 was published | Apr 18, 2025

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7...
Moderate | Unreviewed | CVE-2024-49825 was published | Apr 14, 2025

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain...
Low | Unreviewed | CVE-2025-30516 was published | Apr 14, 2025

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user...
Critical | Unreviewed | CVE-2025-24859 was published | Apr 14, 2025

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under...
High | Unreviewed | CVE-2025-1968 was published | Apr 9, 2025

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could...
Moderate | Unreviewed | CVE-2024-25051 was published | Apr 2, 2025

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse...
Moderate | Unreviewed | CVE-2025-28132 was published | Apr 1, 2025

Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and...
Low | Unreviewed | CVE-2025-2596 was published | Mar 26, 2025

Incorrect cookie session handling in WombatDialer before 25.02 results in the full session...
Moderate | Unreviewed | CVE-2024-57056 was published | Feb 18, 2025

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior...
Moderate | Unreviewed | CVE-2025-1198 was published | Feb 13, 2025

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 ...
High | Unreviewed | CVE-2024-45386 was published | Feb 11, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS...
Critical | Unreviewed | CVE-2025-24106 was published | Jan 28, 2025

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing...
Critical | Unreviewed | CVE-2024-13280 was published | Jan 9, 2025

Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
Low | CVE-2024-45033 was published for apache-airflow-providers-fab (pip) | Jan 8, 2025

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation...
Moderate | Unreviewed | CVE-2024-11627 was published | Jan 7, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22386 was published | Jan 4, 2025

Missing session invalidation after user deletion. The following products are affected: Acronis...
Moderate | Unreviewed | CVE-2024-56413 was published | Jan 2, 2025