GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,476

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

82 advisories

Filter by severity

Sort by

Least recently updated

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing... Moderate Unreviewed

CVE-2022-25590 was published Mar 26, 2022

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed

CVE-2022-30277 was published Jun 3, 2022

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed

CVE-2022-34624 was published Aug 20, 2022

In affected versions of Octopus Server it was identified that a session cookie could be used as... Moderate Unreviewed

CVE-2022-2783 was published Oct 6, 2022

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed

CVE-2020-3188 was published May 24, 2022

OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed

CVE-2020-15074 was published May 24, 2022

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed

CVE-2020-13299 was published May 24, 2022

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed

CVE-2020-4780 was published May 24, 2022

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed

CVE-2020-1666 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed

CVE-2020-15774 was published May 24, 2022

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2020-4395 was published May 24, 2022

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed

CVE-2020-25374 was published May 24, 2022

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through... Moderate Unreviewed

CVE-2022-40228 was published Nov 22, 2022

The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through... Moderate Unreviewed

CVE-2021-27351 was published May 24, 2022

A vulnerability was found in the Quay web application. Sessions in the Quay web application never... Moderate Unreviewed

CVE-2019-3867 was published May 24, 2022

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could... Moderate Unreviewed

CVE-2020-14247 was published May 24, 2022

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout... Moderate Unreviewed

CVE-2020-4995 was published May 24, 2022

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5... Moderate Unreviewed

CVE-2021-22221 was published May 24, 2022

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine... Moderate Unreviewed

CVE-2021-26037 was published May 24, 2022

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after... Moderate Unreviewed

CVE-2021-20431 was published May 24, 2022

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may... Moderate Unreviewed

CVE-2020-29012 was published May 24, 2022

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session... Moderate Unreviewed

CVE-2021-20473 was published May 24, 2022

The vulnerability can be described as a failure to invalidate user session upon password change.... Moderate Unreviewed

CVE-2021-35214 was published May 24, 2022

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to... Moderate Unreviewed

CVE-2021-29868 was published May 24, 2022

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could... Moderate Unreviewed

CVE-2020-4696 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

82 advisories