GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed...
Moderate
Unreviewed
CVE-2008-3222
was published
May 1, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Improper user session handling in filegator
Moderate
CVE-2022-1849
was published
for
filegator/filegator
(Composer)
May 25, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows...
Moderate
Unreviewed
CVE-2021-35948
was published
May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git...
Moderate
Unreviewed
CVE-2021-22237
was published
May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie...
Moderate
Unreviewed
CVE-2021-33394
was published
May 24, 2022
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to...
Moderate
Unreviewed
CVE-2021-35046
was published
May 24, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new...
Moderate
Unreviewed
CVE-2020-35591
was published
May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass...
Moderate
Unreviewed
CVE-2020-4954
was published
May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are...
Moderate
Unreviewed
CVE-2019-18946
was published
May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password...
Moderate
Unreviewed
CVE-2020-5021
was published
May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or...
Moderate
Unreviewed
CVE-2019-4563
was published
May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4555
was published
May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2019-4439
was published
May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social...
Moderate
Unreviewed
CVE-2019-0062
was published
May 24, 2022
Jenkins Google Login Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000173
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
May 14, 2022
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue...
Moderate
Unreviewed
CVE-2014-125048
was published
Jan 6, 2023
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security...
Moderate
Unreviewed
CVE-2019-4304
was published
May 24, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,...
Moderate
Unreviewed
CVE-2017-5141
was published
May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate
Unreviewed
CVE-2017-5831
was published
May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with...
Moderate
Unreviewed
CVE-2017-1152
was published
May 17, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user...
Moderate
Unreviewed
CVE-2016-6040
was published
May 17, 2022
Hybridsessions does not expire session id on logout
Moderate
CVE-2022-24444
was published
for
silverstripe/hybridsessions
(Composer)
Jun 29, 2022
ProTip!
Advisories are also available from the
GraphQL API