Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Zitadel RefreshToken invalidation vulnerability Moderate
CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) Jan 11, 2023
sebastianbuechler
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate
CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Token leases could outlive their TTL in HashiCorp Vault Critical
CVE-2020-25816 was published for github.com/hashicorp/vault (Go) May 24, 2022
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API