Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

310 advisories

Loading
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an... Critical Unreviewed
CVE-2021-38823 was published May 24, 2022
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may... Moderate Unreviewed
CVE-2020-29012 was published May 24, 2022
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3... High Unreviewed
CVE-2021-33982 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-39113 was published May 24, 2022
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in... High Unreviewed
CVE-2021-35342 was published May 24, 2022
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor... High Unreviewed
CVE-2021-37156 was published May 24, 2022
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after... Moderate Unreviewed
CVE-2021-20431 was published May 24, 2022
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine... Moderate Unreviewed
CVE-2021-26037 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout... High Unreviewed
CVE-2021-20378 was published May 24, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series... High Unreviewed
CVE-2021-1542 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5... Moderate Unreviewed
CVE-2021-22221 was published May 24, 2022
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where... Low Unreviewed
CVE-2021-22136 was published May 24, 2022
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-1501 was published May 24, 2022
A vulnerability was found in the Quay web application. Sessions in the Quay web application never... Moderate Unreviewed
CVE-2019-3867 was published May 24, 2022
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On... Critical Unreviewed
CVE-2020-35358 was published May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through... Moderate Unreviewed
CVE-2021-27351 was published May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout... Moderate Unreviewed
CVE-2020-4995 was published May 24, 2022
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and... Critical Unreviewed
CVE-2020-6649 was published May 24, 2022
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could... Moderate Unreviewed
CVE-2020-14247 was published May 24, 2022
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have... High Unreviewed
CVE-2021-3183 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.... High Unreviewed
CVE-2016-20007 was published May 24, 2022
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie... Critical Unreviewed
CVE-2020-29667 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database