GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Moderate
CVE-2022-24732
was published
for
github.com/foxcpp/maddy
(Go)
Mar 7, 2022
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its...
High
Unreviewed
CVE-2021-33020
was published
Apr 3, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
OpenStack Keystone Insufficient token expiration
High
CVE-2012-5563
was published
for
keystone
(pip)
May 17, 2022
python-keystoneclient missing expiration check in PKI token validation
High
CVE-2013-2104
was published
for
python-keystoneclient
(pip)
May 17, 2022
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x...
Moderate
Unreviewed
CVE-2019-3790
was published
May 24, 2022
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT...
High
Unreviewed
CVE-2022-35401
was published
Jan 10, 2023
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain...
Moderate
Unreviewed
CVE-2024-31893
was published
May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain...
Moderate
Unreviewed
CVE-2024-31894
was published
May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain...
Moderate
Unreviewed
CVE-2024-31895
was published
May 22, 2024
Moodle uses the same key for QR login and auto-login
Moderate
CVE-2024-38277
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker...
Moderate
Unreviewed
CVE-2024-6299
was published
Jun 25, 2024
Keycloak Uses a Key Past its Expiration Date
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
GHSA-xmmm-jw76-q7vg
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
ProTip!
Advisories are also available from the
GraphQL API