Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,740
Maven
5,000+
npm
4,338
NuGet
765
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

382 advisories

Loading
An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2... Moderate Unreviewed
CVE-2025-62631 was published Dec 9, 2025
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41)... High Unreviewed
CVE-2025-65883 was published Dec 4, 2025
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout... High Unreviewed
CVE-2025-11699 was published Dec 1, 2025
Keycloak does not invalidate sessions when "Remember Me" is disabled Moderate
CVE-2025-11429 was published for org.keycloak:keycloak-services (Maven) Oct 23, 2025
Keycloak does not invalidate offline sessions when the offline_access scope is removed Moderate
CVE-2025-12110 was published for org.keycloak:keycloak-services (Maven) Oct 23, 2025
The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is... Moderate Unreviewed
CVE-2025-63226 was published Nov 18, 2025
authentik's invitation expiry is delayed by at least 5 minutes Moderate
CVE-2025-64708 was published for goauthentik.io (Go) Nov 19, 2025
melizeche
Credited to melizeche
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user... Critical Unreviewed
CVE-2025-56643 was published Nov 18, 2025
Flowise Fails to Invalidate Existing Sessions After Password Changes High
GHSA-x7rp-qj2h-ghgw was published for flowise (npm) Nov 14, 2025
mbiesiad
Credited to mbiesiad
When multiple server blocks are configured to share the same IP address and port, an attacker can... Moderate Unreviewed
CVE-2025-23419 was published Feb 5, 2025
Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... Moderate Unreviewed
CVE-2025-12278 was published Oct 26, 2025
Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring... High Unreviewed
CVE-2025-34269 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user... Critical Unreviewed
CVE-2024-13996 was published Oct 31, 2025
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1... High Unreviewed
CVE-2024-36041 was published Jul 5, 2024
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control... High Unreviewed
CVE-2023-49935 was published Dec 14, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS... Critical Unreviewed
CVE-2025-24106 was published Jan 28, 2025
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the... High Unreviewed
CVE-2022-0996 was published Mar 24, 2022
The equipment grants a JWT token for each connection in the timeline, but during an active valid... High Unreviewed
CVE-2025-64386 was published Oct 31, 2025
On affected platforms, if SSH session multiplexing was configured on the client side, SSH... Moderate Unreviewed
CVE-2025-54547 was published Oct 30, 2025
Strapi is vulnerable to Insufficient Session Expiration Moderate
CVE-2025-3930 was published for @strapi/strapi (npm) Oct 16, 2025
The TeleMessage service through 2025-05-05 implements authentication through a long-lived... Moderate Unreviewed
CVE-2025-48929 was published May 28, 2025
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2... Moderate Unreviewed
CVE-2025-25252 was published Oct 14, 2025
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization... High Unreviewed
CVE-2024-33507 was published Oct 14, 2025
A suspended or recently logged-out user could continue to interact with Blueframe until the time... Moderate Unreviewed
CVE-2025-46741 was published May 12, 2025
IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-49881 was published Oct 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database