GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,740
Composer 4,239
Erlang 31
GitHub Actions 21
Go 2,007
Maven 5,196
npm 3,716
NuGet 662
pip 3,388
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,881

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

207 advisories

Filter by severity

Sort by

Least recently updated

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing... Moderate Unreviewed

CVE-2022-25590 was published Mar 26, 2022

An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each... High Unreviewed

CVE-2009-20001 was published Apr 21, 2022

A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed

CVE-2021-1501 was published May 24, 2022

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed

CVE-2021-46279 was published Oct 24, 2022

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed

CVE-2022-30277 was published Jun 3, 2022

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access... High Unreviewed

CVE-2022-43844 was published Jan 5, 2023

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking... High Unreviewed

CVE-2017-6529 was published May 17, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series... High Unreviewed

CVE-2021-1542 was published May 24, 2022

** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The... High Unreviewed

CVE-2022-2076 was published Jun 15, 2022

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed

CVE-2022-22317 was published Jun 21, 2022

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed

CVE-2022-22318 was published Jun 21, 2022

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed

CVE-2016-5069 was published May 17, 2022

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed

CVE-2022-33137 was published Jul 13, 2022

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed

CVE-2022-34624 was published Aug 20, 2022

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager... High Unreviewed

CVE-2022-23669 was published May 18, 2022

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed

CVE-2016-11014 was published May 24, 2022

In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed

CVE-2022-2783 was published Oct 6, 2022

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed

CVE-2020-3188 was published May 24, 2022

OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed

CVE-2020-15074 was published May 24, 2022

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK... High Unreviewed

CVE-2016-8712 was published May 13, 2022

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed

CVE-2020-13299 was published May 24, 2022

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed

CVE-2020-4780 was published May 24, 2022

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed

CVE-2020-1666 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed

CVE-2020-15774 was published May 24, 2022

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed

CVE-2020-25374 was published May 24, 2022

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

207 advisories