Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
OpenStack Keystone Domain-scoped tokens don't get revoked High
CVE-2014-5253 was published for keystone (pip) May 17, 2022
Keycloak CSRF Vulnerability High
CVE-2017-12159 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
MantisBT Insufficient Session Expiration cookie string not reset after logout High
CVE-2009-20001 was published for mantisbt/mantisbt (Composer) Apr 21, 2022
Keycloak insufficient session expiration High
CVE-2021-3461 was published for org.keycloak:keycloak-parent (Maven) Apr 3, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
Insufficient Session Expiration in Admidio High
CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
Insufficient Session Expiration in Sylius High
CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Insufficient Session Expiration in @cyyynthia/tokenize High
GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm) Nov 10, 2021
williamwa
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
aiohttp-session creates non-expiring sessions High
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database