GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
190 advisories
Filter by severity
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log...
High
Unreviewed
CVE-2022-34536
was published
Jul 20, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8...
High
Unreviewed
CVE-2022-22681
was published
Jul 7, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly...
High
Unreviewed
CVE-2020-25198
was published
May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or...
High
Unreviewed
CVE-2020-15909
was published
May 24, 2022
As of v1.5.0, the Argo web interface authentication system issued immutable tokens....
Moderate
Unreviewed
CVE-2020-8826
was published
May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT...
High
Unreviewed
CVE-2020-5645
was published
May 24, 2022
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17...
Critical
Unreviewed
CVE-2016-10405
was published
May 24, 2022
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state...
High
Unreviewed
CVE-2021-42073
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical
Unreviewed
CVE-2021-41553
was published
May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows...
Moderate
Unreviewed
CVE-2021-35948
was published
May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git...
Moderate
Unreviewed
CVE-2021-22237
was published
May 24, 2022
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with...
Critical
Unreviewed
CVE-2021-39290
was published
May 24, 2022
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when...
High
Unreviewed
CVE-2021-22927
was published
May 24, 2022
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to...
Moderate
Unreviewed
CVE-2021-35046
was published
May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie...
Moderate
Unreviewed
CVE-2021-33394
was published
May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to...
High
Unreviewed
CVE-2018-16495
was published
May 24, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2...
High
Unreviewed
CVE-2020-35229
was published
May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are...
Moderate
Unreviewed
CVE-2019-18946
was published
May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new...
Moderate
Unreviewed
CVE-2020-35591
was published
May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass...
Moderate
Unreviewed
CVE-2020-4954
was published
May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password...
Moderate
Unreviewed
CVE-2020-5021
was published
May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4555
was published
May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ...
High
Unreviewed
CVE-2020-5654
was published
May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or...
Moderate
Unreviewed
CVE-2019-4563
was published
May 24, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side...
High
Unreviewed
CVE-2020-5894
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API