GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
Insufficient Session Expiration in thorsten/phpmyfaq
High
CVE-2023-5865
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
Argo CD web terminal session doesn't expire
High
CVE-2023-40025
was published
for
github.com/argoproj/argo-cd
(Go)
Aug 23, 2023
Insufficient Session Expiration after a password change
High
CVE-2023-38489
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
Answer vulnerable to Insufficient Session Expiration
High
CVE-2023-1543
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Insufficient Session Expiration in pretix
High
CVE-2023-27891
was published
for
pretix
(pip)
Mar 7, 2023
vantage6 refresh tokens do not expire
High
CVE-2023-23929
was published
for
vantage6
(pip)
Feb 28, 2023
Insufficient Session Expiration in Jenkins Azure AD Plugin
High
CVE-2023-24426
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Jan 26, 2023
rdiffweb vulnerable to Insufficient Session Expiration
High
CVE-2022-3362
was published
for
rdiffweb
(pip)
Nov 15, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Insufficient Session Expiration in Nakama
High
CVE-2022-2306
was published
for
github.com/heroiclabs/nakama
(Go)
Jul 6, 2022
Insufficient Session Expiration in NocoDB
High
CVE-2022-2064
was published
for
nocodb
(npm)
Jun 14, 2022
Camaleon CMS Insufficient Session Expiration vulnerability
High
CVE-2021-25970
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
High
CVE-2014-5252
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked
High
CVE-2014-5253
was published
for
keystone
(pip)
May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High
CVE-2014-5251
was published
for
keystone
(pip)
May 17, 2022
Keycloak CSRF Vulnerability
High
CVE-2017-12159
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Insufficient Session Expiration in Jenkins
High
CVE-2019-1003049
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Keycloak insufficient session expiration
High
CVE-2021-3461
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 3, 2022
Old sessions not blocked by login enable function in Snipe-IT
High
CVE-2022-1155
was published
for
snipe/snipe-it
(Composer)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API