GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
509 advisories
Filter by severity
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves...
Low
Unreviewed
CVE-2025-62340
was published
Jun 17, 2026
NocoDB: Refresh Tokens Persist Through Password Recovery
Moderate
CVE-2026-53928
was published
for
nocodb
(npm)
Jun 17, 2026
Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority
High
GHSA-wrmq-9fc4-gwwj
was published
for
openclaw
(npm)
Jun 16, 2026
•
withdrawn
Daytona: Public sandbox previews remain accessible for up to one hour after being made private
High
CVE-2026-54321
was published
for
github.com/daytonaio/daytona
(Go)
Jun 16, 2026
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session...
Moderate
Unreviewed
CVE-2026-44188
was published
Jun 15, 2026
OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing...
Moderate
Unreviewed
CVE-2026-53830
was published
Jun 13, 2026
OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked...
Moderate
Unreviewed
CVE-2026-53824
was published
Jun 13, 2026
NocoDB: OAuth Tokens Persist Through Security Events
Moderate
CVE-2026-53926
was published
for
nocodb
(npm)
Jun 5, 2026
Apache Airflow: Auth manager doesn't invalidate JWT tokens after users click logout
Moderate
CVE-2026-48726
was published
for
apache-airflow
(pip)
Jun 1, 2026
Casdoor doesn't enforce SAML assertion time bounds
High
CVE-2026-9096
was published
for
github.com/casdoor/casdoor
(Go)
May 28, 2026
Keycloak has Insufficient Session Expiration
Moderate
CVE-2026-9802
was published
for
org.keycloak:keycloak-services
(Maven)
May 28, 2026
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows...
Critical
Unreviewed
CVE-2026-8670
was published
May 26, 2026
NocoDB: Stale Auth Cache After API Token Deletion
Low
CVE-2026-46554
was published
for
nocodb
(npm)
May 21, 2026
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation ...
Moderate
Unreviewed
CVE-2026-1815
was published
May 21, 2026
eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges
High
GHSA-j5rm-v3vh-vx94
was published
for
edumfa
(pip)
May 18, 2026
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
Low
CVE-2026-22706
was published
for
@strapi/admin
(npm)
May 13, 2026
libcurl might in some circumstances reuse the wrong connection when asked to
do an authenticated...
Moderate
Unreviewed
CVE-2026-5545
was published
May 13, 2026
SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
High
CVE-2026-44648
was published
for
sillytavern
(npm)
May 12, 2026
A session management vulnerability in AOS-8 allows previously authenticated users to retain...
Moderate
Unreviewed
CVE-2026-44873
was published
May 12, 2026
Open WebUI has a CORS misconfiguration and session validation issue
High
GHSA-6xcp-7mpr-m7wm
was published
for
open-webui
(pip)
May 11, 2026
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
High
CVE-2026-44553
was published
for
open-webui
(pip)
May 8, 2026
nhost has Session Persistence After Password Change
Low
GHSA-7hgr-xvrr-xpw3
was published
for
github.com/nhost/nhost
(Go)
May 8, 2026
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
High
GHSA-fpw6-hrg5-q5x5
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change
Moderate
GHSA-258c-965c-p3hc
was published
for
github.com/daptin/daptin
(Go)
May 7, 2026
katalyst-koi: Session cookies can be replayed after user logout
High
CVE-2026-44511
was published
for
katalyst-koi
(RubyGems)
May 7, 2026
ProTip!
Advisories are also available from the
GraphQL API