Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

40 advisories

Loading
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom... Critical Unreviewed
CVE-2021-46279 was published Oct 24, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22318 was published Jun 21, 2022
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are... Critical Unreviewed
CVE-2016-5069 was published May 17, 2022
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed
CVE-2016-11014 was published May 24, 2022
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated... Critical Unreviewed
CVE-2020-27739 was published May 24, 2022
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire... Critical Unreviewed
CVE-2020-27422 was published May 24, 2022
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie... Critical Unreviewed
CVE-2020-29667 was published May 24, 2022
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and... Critical Unreviewed
CVE-2020-6649 was published May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed
CVE-2020-35358 was published May 24, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x... Critical Unreviewed
CVE-2022-35728 was published Aug 5, 2022
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed
CVE-2021-38823 was published May 24, 2022
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at... Critical Unreviewed
CVE-2021-37333 was published May 24, 2022
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and... Critical Unreviewed
CVE-2021-24019 was published May 24, 2022
In affected versions of Octopus Server it is possible for a session token to be valid... Critical Unreviewed
CVE-2022-2782 was published Oct 27, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web... Critical Unreviewed
CVE-2021-40849 was published May 24, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s... Critical Unreviewed
CVE-2021-25985 was published May 24, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Critical Unreviewed
CVE-2022-24042 was published May 11, 2022
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42545 was published Dec 1, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration... Critical Unreviewed
CVE-2021-36330 was published Dec 1, 2021
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper... Critical Unreviewed
CVE-2020-27416 was published Dec 9, 2021
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware... Critical Unreviewed
CVE-2021-35034 was published Dec 30, 2021
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through... Critical Unreviewed
CVE-2021-25981 was published Jan 4, 2022
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as... Critical Unreviewed
CVE-2022-22122 was published Jan 14, 2022
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to... Critical Unreviewed
CVE-2021-22820 was published Jan 29, 2022
ProTip! Advisories are also available from the GraphQL API