GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Insufficient Session Expiration in Sylius High
CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Insufficient Session Expiration in Admidio High
CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
SimpleSAMLphp Invalid token creation and validation Moderate
CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
Symfony DoS Moderate
CVE-2018-11386 was published for symfony/http-foundation (Composer) May 14, 2022
Microweber Insufficient Session Expiry Moderate
CVE-2020-23136 was published for microweber/microweber (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
waldhacker1 ohader
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration Critical
CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022
Insufficient Session Expiration in librenms/librenms Critical
CVE-2022-4070 was published for librenms/librenms (Composer) Nov 20, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Admidio Insufficient Session Expiration vulnerability Moderate
CVE-2023-4190 was published for admidio/admidio (Composer) Aug 6, 2023
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023