GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
33 advisories
Insufficient Session Expiration in Kiali
High · CVE-2020-1762 was published for github.com/kiali/kiali (Go) · May 18, 2021
Invalid session token expiration
High · CVE-2021-32923 was published for github.com/hashicorp/vault (Go) · Jun 8, 2021
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate · CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) · Mar 7, 2022
Mattermost Server vulnerable to user account takeover when Single Sign-On OAuth2 is used
High · CVE-2017-18906 was published for github.com/mattermost/mattermost-server (Go) · May 24, 2022
Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider
Moderate · CVE-2017-18905 was published for github.com/mattermost/mattermost-server (Go) · May 24, 2022
Token leases could outlive their TTL in HashiCorp Vault
Critical · CVE-2020-25816 was published for github.com/hashicorp/vault (Go) · May 24, 2022
Insufficient Session Expiration in Nakama
High · CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) · Jul 6, 2022
FlyteAdmin Insufficient AccessToken Expiration Check
Moderate · CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) · Jul 15, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability
Moderate · CVE-2022-31677 was published for go.pinniped.dev (Go) · Sep 1, 2022
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low · CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) · Nov 10, 2022
Zitadel RefreshToken invalidation vulnerability
Moderate · CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) · Jan 11, 2023
Answer vulnerable to Insufficient Session Expiration
High · CVE-2023-1543 was published for github.com/answerdev/answer (Go) · Mar 21, 2023
Answer Insufficient Session Expiration vulnerability
Moderate · CVE-2023-4126 was published for github.com/answerdev/answer (Go) · Aug 3, 2023
Argo CD web terminal session doesn't expire
High · CVE-2023-40025 was published for github.com/argoproj/argo-cd/v2 (Go) · Aug 23, 2023
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate · CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) · Feb 17, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High · CVE-2023-22650 was published for github.com/rancher/rancher (Go) · Jun 17, 2024
ZITADEL Allows IdP Intent Token Reuse
High · CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) · May 6, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout
High · CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) · Jul 16, 2025
Coder vulnerable to privilege escalation could lead to a cross workspace compromise
High · CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) · Sep 5, 2025
authentik's invitation expiry is delayed by at least 5 minutes
Moderate · CVE-2025-64708 was published for goauthentik.io (Go) · Nov 19, 2025
Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
High · CVE-2025-68954 was published for github.com/pterodactyl/wings (Composer) · Jan 6, 2026
FrankenPHP leaks session data between requests in worker mode
High · CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) · Feb 12, 2026
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
High · GHSA-hr7j-63v7-vj7g was published for github.com/pterodactyl/wings (Composer) · Feb 17, 2026
Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Critical · CVE-2026-27575 was published for code.vikunja.io/api (Go) · Feb 25, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate · CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) · Mar 5, 2026
ProTip! Advisories are also available from the GraphQL API.