Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

215 advisories

Loading
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or... High Unreviewed
CVE-2024-41827 was published Jul 22, 2024
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0... High Unreviewed
CVE-2024-27782 was published Jul 9, 2024
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed
CVE-2024-36041 was published Jul 5, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The... High Unreviewed
CVE-2024-5995 was published Jun 14, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in... Moderate Unreviewed
CVE-2024-36523 was published Jun 12, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... High Unreviewed
CVE-2024-35206 was published Jun 11, 2024
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an... Critical Unreviewed
CVE-2024-35049 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID... High Unreviewed
CVE-2024-35050 was published May 14, 2024
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user... Moderate Unreviewed
CVE-2024-35048 was published May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old... Moderate Unreviewed
CVE-2024-29402 was published Apr 17, 2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3... Moderate Unreviewed
CVE-2024-22358 was published Apr 12, 2024
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session... Moderate Unreviewed
CVE-2024-25954 was published Mar 28, 2024
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the... Critical Unreviewed
CVE-2024-29401 was published Mar 26, 2024
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This... High Unreviewed
CVE-2024-1623 was published Mar 14, 2024
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the... Moderate Unreviewed
CVE-2023-45600 was published Mar 5, 2024
The MFA management features did not properly terminate existing user sessions when a user's MFA... Moderate Unreviewed
CVE-2024-21722 was published Feb 29, 2024
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers... Moderate Unreviewed
CVE-2024-22543 was published Feb 27, 2024
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in... Moderate Unreviewed
CVE-2024-0008 was published Feb 14, 2024
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the... High Unreviewed
CVE-2024-22389 was published Feb 14, 2024
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session... Moderate Unreviewed
CVE-2023-45187 was published Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2023-50936 was published Feb 2, 2024
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as... Low Unreviewed
CVE-2024-0942 was published Jan 26, 2024
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic.... Low Unreviewed
CVE-2024-0943 was published Jan 26, 2024
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic.... Low Unreviewed
CVE-2024-0944 was published Jan 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database