GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,093
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,902
Maven 5,100
npm 3,631
NuGet 638
pip 3,246
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,442

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

197 advisories

Filter by severity

Sort by

Least recently updated

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated... Critical Unreviewed

CVE-2020-27739 was published May 24, 2022

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal... Moderate Unreviewed

CVE-2020-25374 was published May 24, 2022

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The... High Unreviewed

CVE-2020-24387 was published May 24, 2022

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS... Moderate Unreviewed

CVE-2020-1666 was published May 24, 2022

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2020-4395 was published May 24, 2022

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam... Moderate Unreviewed

CVE-2020-4780 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered... Moderate Unreviewed

CVE-2020-15774 was published May 24, 2022

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The... Moderate Unreviewed

CVE-2020-13299 was published May 24, 2022

When an agent user is renamed or set to invalid the session belonging to the user is keept active... Moderate Unreviewed

CVE-2020-1776 was published May 24, 2022

OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead... Moderate Unreviewed

CVE-2020-15074 was published May 24, 2022

A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for... Moderate Unreviewed

CVE-2020-3188 was published May 24, 2022

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The... Low Unreviewed

CVE-2020-6197 was published May 24, 2022

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be... Moderate Unreviewed

CVE-2020-6178 was published May 24, 2022

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... Critical Unreviewed

CVE-2019-11168 was published May 24, 2022

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the... Critical Unreviewed

CVE-2016-11014 was published May 24, 2022

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed... High Unreviewed

CVE-2019-17375 was published May 24, 2022

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. Critical Unreviewed

CVE-2018-21018 was published May 24, 2022

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache... Moderate Unreviewed

CVE-2019-14826 was published May 24, 2022

An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the... Moderate Unreviewed

CVE-2019-16133 was published May 24, 2022

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an... High Unreviewed

CVE-2019-5638 was published May 24, 2022

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows... Moderate Unreviewed

CVE-2019-2386 was published May 24, 2022

Prima Systems FlexAir devices have an Insufficient Session-ID Length. High Unreviewed

CVE-2019-7280 was published May 24, 2022

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries... Moderate Unreviewed

CVE-2019-7215 was published May 24, 2022

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x... Moderate Unreviewed

CVE-2019-3790 was published May 24, 2022

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2... Moderate Unreviewed

CVE-2019-4072 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

197 advisories