Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
aiohttp-session creates non-expiring sessions High
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Insufficient Session Expiration in OpenStack Keystone High
CVE-2020-12690 was published for keystone (pip) Jun 9, 2021
incomplete JupyterHub logout with simultaneous JupyterLab sessions Moderate
CVE-2021-41247 was published for jupyterhub (pip) Nov 8, 2021
fritterhoff
OpenStack Keystone Domain-scoped tokens don't get revoked High
CVE-2014-5253 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events High
CVE-2014-5251 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events High
CVE-2014-5252 was published for keystone (pip) May 17, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
OctoPrint vulnerable to Insufficient Session Expiration. Moderate
CVE-2022-2888 was published for OctoPrint (pip) Sep 22, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
rdiffweb vulnerable to Insufficient Session Expiration High
CVE-2022-3362 was published for rdiffweb (pip) Nov 15, 2022
Pyload Insufficient Session Expiration vulnerability Moderate
CVE-2023-0227 was published for pyload-ng (pip) Jan 12, 2023
vantage6 refresh tokens do not expire High
CVE-2023-23929 was published for vantage6 (pip) Feb 28, 2023
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
ProTip! Advisories are also available from the GraphQL API