GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
TYPO3 is vulnerable to Session Fixation
Moderate
CVE-2010-3671
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Cookie persistence after password changes in symfony/security-bundle
Moderate
CVE-2021-41268
was published
for
symfony/security-bundle
(Composer)
Nov 24, 2021
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an...
Moderate
Unreviewed
CVE-2023-50941
was published
Feb 2, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID...
Moderate
Unreviewed
CVE-2023-50920
was published
Jan 12, 2024
OpenStack Horizon Session Fixation
Moderate
CVE-2012-2144
was published
for
horizon
(pip)
May 17, 2022
GitHub Authentication Plugin session fixation vulnerability
Moderate
CVE-2019-1003019
was published
for
org.jenkins-ci.plugins:github-oauth
(Maven)
May 13, 2022
Session Fixation in Jenkins
Moderate
CVE-2018-1000409
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Password Change Vulnerability
Moderate
CVE-2023-49804
was published
for
uptime-kuma
(npm)
Dec 12, 2023
Jenkins SAML Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000602
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 14, 2022
Symfony possible session fixation vulnerability
Moderate
CVE-2023-46733
was published
for
symfony/security-http
(Composer)
Nov 12, 2023
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Moderate
Unreviewed
CVE-2023-3394
was published
Jun 23, 2023
Session fixation vulnerability in Rails
Moderate
CVE-2007-5380
was published
for
rails
(RubyGems)
Oct 24, 2017
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken...
Moderate
Unreviewed
CVE-2023-5309
was published
Nov 7, 2023
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Moderate
Unreviewed
CVE-2023-4649
was published
Aug 31, 2023
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely...
Moderate
Unreviewed
CVE-2019-4152
was published
May 24, 2022
Shopware guest session is shared between customers
Moderate
CVE-2022-24745
was published
for
shopware/platform
(Composer)
Mar 10, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user...
Moderate
Unreviewed
CVE-2022-44788
was published
Nov 22, 2022
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7...
Moderate
Unreviewed
CVE-2014-4789
was published
May 17, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2022-34334
was published
Oct 11, 2022
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware...
Moderate
Unreviewed
CVE-2017-10890
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API