Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... High Unreviewed
CVE-2023-24477 was published Aug 9, 2023
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed
CVE-2024-45368 was published Sep 13, 2024
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user... High Unreviewed
CVE-2024-37829 was published Jul 9, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs... High Unreviewed
CVE-2019-15849 was published May 24, 2022
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on... High Unreviewed
CVE-2023-45687 was published Oct 16, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows... High Unreviewed
CVE-2023-3711 was published Sep 12, 2023
Some access control products are vulnerable to a session hijacking attack because the product... High Unreviewed
CVE-2023-28809 was published Jun 15, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to... High Unreviewed
CVE-2023-30056 was published May 9, 2023
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session... High Unreviewed
CVE-2022-44017 was published Dec 25, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side... High Unreviewed
CVE-2020-5894 was published May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management... High Unreviewed
CVE-2020-11728 was published May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... High Unreviewed
CVE-2019-11173 was published May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web... High Unreviewed
CVE-2019-6161 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core... High Unreviewed
CVE-2019-5406 was published May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login... High Unreviewed
CVE-2019-10120 was published May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella... High Unreviewed
CVE-2019-1807 was published May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. High Unreviewed
CVE-2018-15208 was published May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an... High Unreviewed
CVE-2019-10008 was published May 24, 2022
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a... High Unreviewed
CVE-2024-22250 was published Feb 20, 2024
Magento 2 Community Edition Session Fixation Check High
CVE-2019-7849 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API