Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
mdanilowicz
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Samly access control vulnerability Critical
CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd/v2 (Go) Aug 23, 2023
zhlu32
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Admidio Insufficient Session Expiration vulnerability Moderate
CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Apache InLong Insufficient Session Expiration vulnerability Critical
CVE-2023-31065 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Graylog user session is still usable after logout Low
CVE-2023-41041 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
thll
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database