GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
61 advisories
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each...
High | Unreviewed | CVE-2009-20001 was published Apr 21, 2022

A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
High | Unreviewed | CVE-2021-1501 was published May 24, 2022

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access...
High | Unreviewed | CVE-2022-43844 was published Jan 5, 2023

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking...
High | Unreviewed | CVE-2017-6529 was published May 17, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series...
High | Unreviewed | CVE-2021-1542 was published May 24, 2022

** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The...
High | Unreviewed | CVE-2022-2076 was published Jun 15, 2022

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ...
High | Unreviewed | CVE-2022-33137 was published Jul 13, 2022

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
High | Unreviewed | CVE-2022-23669 was published May 18, 2022

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK...
High | Unreviewed | CVE-2016-8712 was published May 13, 2022

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
High | Unreviewed | CVE-2020-15950 was published May 24, 2022

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both...
High | Unreviewed | CVE-2020-23140 was published May 24, 2022

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The...
High | Unreviewed | CVE-2020-24387 was published May 24, 2022

The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033....
High | Unreviewed | CVE-2016-20007 was published May 24, 2022

Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have...
High | Unreviewed | CVE-2021-3183 was published May 24, 2022

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout...
High | Unreviewed | CVE-2021-20378 was published May 24, 2022

Prima Systems FlexAir devices have an Insufficient Session-ID Length.
High | Unreviewed | CVE-2019-7280 was published May 24, 2022

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor...
High | Unreviewed | CVE-2021-37156 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-39113 was published May 24, 2022

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in...
High | Unreviewed | CVE-2021-35342 was published May 24, 2022

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3...
High | Unreviewed | CVE-2021-33982 was published May 24, 2022

A vulnerability in the web-based management interface of multiple Cisco Small Business Series...
High | Unreviewed | CVE-2021-34739 was published May 24, 2022

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration....
High | Unreviewed | CVE-2021-25940 was published May 24, 2022

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack...
High | Unreviewed | CVE-2021-33322 was published May 24, 2022

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an...
High | Unreviewed | CVE-2021-25966 was published May 24, 2022

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a...
High | Unreviewed | CVE-2022-23063 was published May 4, 2022
ProTip! Advisories are also available from the GraphQL API.