Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or... High Unreviewed
CVE-2018-8852 was published May 13, 2022
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI... High Unreviewed
CVE-2018-2408 was published May 13, 2022
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud... High Unreviewed
CVE-2018-2409 was published May 13, 2022
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before... High Unreviewed
CVE-2019-0102 was published May 13, 2022
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens... High Unreviewed
CVE-2019-11213 was published May 13, 2022
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to... High Unreviewed
CVE-2021-31745 was published Dec 11, 2021
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of... High Unreviewed
CVE-2022-44007 was published Nov 17, 2022
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to... High Unreviewed
CVE-2018-9026 was published May 13, 2022
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1... High Unreviewed
CVE-2018-6434 was published May 13, 2022
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time... High Unreviewed
CVE-2018-17199 was published May 13, 2022
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6... High Unreviewed
CVE-2022-30605 was published Aug 23, 2022
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly... High Unreviewed
CVE-2020-25198 was published May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or... High Unreviewed
CVE-2020-15909 was published May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT... High Unreviewed
CVE-2020-5645 was published May 24, 2022
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. High Unreviewed
CVE-1999-0428 was published Apr 30, 2022
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when... High Unreviewed
CVE-2021-22927 was published May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed
CVE-2018-16495 was published May 24, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed
CVE-2020-35229 was published May 24, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed
CVE-2020-5654 was published May 24, 2022
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed
CVE-2019-4227 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API