GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,259
Composer 4,354
Erlang 31
GitHub Actions 22
Go 2,120
Maven 5,293
npm 3,779
NuGet 681
pip 3,460
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,840

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

310 advisories

Filter by severity

Sort by

Least recently updated

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and... Critical Unreviewed

CVE-2020-6649 was published May 24, 2022

Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate

CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed

CVE-2020-35358 was published May 24, 2022

A vulnerability was found in the Quay web application. Sessions in the Quay web application never... Moderate Unreviewed

CVE-2019-3867 was published May 24, 2022

Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have... High Unreviewed

CVE-2021-3183 was published May 24, 2022

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could... Moderate Unreviewed

CVE-2020-14247 was published May 24, 2022

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout... Moderate Unreviewed

CVE-2020-4995 was published May 24, 2022

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5... Moderate Unreviewed

CVE-2021-22221 was published May 24, 2022

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where... Low Unreviewed

CVE-2021-22136 was published May 24, 2022

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout... High Unreviewed

CVE-2021-20378 was published May 24, 2022

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine... Moderate Unreviewed

CVE-2021-26037 was published May 24, 2022

Prima Systems FlexAir devices have an Insufficient Session-ID Length. High Unreviewed

CVE-2019-7280 was published May 24, 2022

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after... Moderate Unreviewed

CVE-2021-20431 was published May 24, 2022

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor... High Unreviewed

CVE-2021-37156 was published May 24, 2022

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x... Critical Unreviewed

CVE-2022-35728 was published Aug 5, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed

CVE-2021-39113 was published May 24, 2022

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in... High Unreviewed

CVE-2021-35342 was published May 24, 2022

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3... High Unreviewed

CVE-2021-33982 was published May 24, 2022

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may... Moderate Unreviewed

CVE-2020-29012 was published May 24, 2022

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed

CVE-2021-38823 was published May 24, 2022

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed

CVE-2021-37333 was published May 24, 2022

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and... Critical Unreviewed

CVE-2021-24019 was published May 24, 2022

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session... Moderate Unreviewed

CVE-2021-20473 was published May 24, 2022

The vulnerability can be described as a failure to invalidate user session upon password change.... Moderate Unreviewed

CVE-2021-35214 was published May 24, 2022

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to... Moderate Unreviewed

CVE-2021-29868 was published May 24, 2022

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

310 advisories