Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to... Moderate Unreviewed
CVE-2022-34624 was published Aug 20, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration Critical
CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x... Critical Unreviewed
CVE-2022-35728 was published Aug 5, 2022
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30698 was published Aug 2, 2022
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ... Moderate Unreviewed
CVE-2022-30699 was published Aug 2, 2022
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed
CVE-2022-33137 was published Jul 13, 2022
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22317 was published Jun 21, 2022
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout... Critical Unreviewed
CVE-2022-22318 was published Jun 21, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
waldhacker1 ohader
** DISPUTED ** A vulnerability has been found in Microsoft O365 and classified as critical. The... High Unreviewed
CVE-2022-2076 was published Jun 15, 2022
Insufficient Session Expiration in NocoDB High
CVE-2022-2064 was published for nocodb (npm) Jun 14, 2022
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration... Moderate Unreviewed
CVE-2022-30277 was published Jun 3, 2022
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an... High Unreviewed
CVE-2021-25966 was published May 24, 2022
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack... High Unreviewed
CVE-2021-33322 was published May 24, 2022
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration.... High Unreviewed
CVE-2021-25940 was published May 24, 2022
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s... Critical Unreviewed
CVE-2021-25985 was published May 24, 2022
Camaleon CMS Insufficient Session Expiration vulnerability High
CVE-2021-25970 was published for camaleon_cms (RubyGems) May 24, 2022
Token leases could outlive their TTL in HashiCorp Vault Critical
CVE-2020-25816 was published for github.com/hashicorp/vault (Go) May 24, 2022
A vulnerability in the web-based management interface of multiple Cisco Small Business Series... High Unreviewed
CVE-2021-34739 was published May 24, 2022
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web... Critical Unreviewed
CVE-2021-40849 was published May 24, 2022
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2021-29868 was published May 24, 2022
The vulnerability can be described as a failure to invalidate user session upon password change.... Moderate Unreviewed
CVE-2021-35214 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database