Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum... High Unreviewed
CVE-2023-52353 was published Jan 22, 2024
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
A session hijacking vulnerability has been detected in the Imou Life application affecting... High Unreviewed
CVE-2023-6913 was published Dec 19, 2023
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state... High Unreviewed
CVE-2021-42073 was published May 24, 2022
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Uptime Kuma has Persistentent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability High
CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER... High Unreviewed
CVE-2022-43398 was published Nov 8, 2022
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can... High Unreviewed
CVE-2021-44151 was published Dec 14, 2021
Moodle Session Fixation vulnerability High
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Session fixation vulnerability in pcsd in pcs before 0.9.157. High Unreviewed
CVE-2016-0721 was published May 17, 2022
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297... High Unreviewed
CVE-2021-29368 was published Jan 20, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session... High Unreviewed
CVE-2021-39066 was published Feb 3, 2022
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An... High Unreviewed
CVE-2022-22551 was published Jan 22, 2022
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All... High Unreviewed
CVE-2022-40226 was published Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API