Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
aiohttp-session Session Fixation vulnerability Moderate
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Zend-Session session validation vulnerability Moderate
GHSA-96c6-m98x-hxjx was published for zendframework/zend-session (Composer) Jun 7, 2024
Zendframework session validation vulnerability Moderate
GHSA-62f6-h68r-3jpw was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Security Misconfiguration in User Session Handling Moderate
GHSA-xmgr-jff3-fcfv was published for typo3/cms-core (Composer) May 30, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-p62r-7637-3wwc was published for laravel/framework (Composer) May 15, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) May 15, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or... Moderate Unreviewed
CVE-2023-38002 was published Apr 30, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
phpMyAdmin Bypass logout timeout Moderate
CVE-2016-9851 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0... Moderate Unreviewed
CVE-2022-38628 was published Dec 13, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused... Moderate Unreviewed
CVE-2018-11567 was published May 14, 2022
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
ProTip! Advisories are also available from the GraphQL API