GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
190 advisories
Filter by severity
Initially, a user opens a Private Browsing Window and generates a password for a site, then...
Low
Unreviewed
CVE-2020-6824
was published
May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management...
High
Unreviewed
CVE-2020-11728
was published
May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
High
Unreviewed
CVE-2019-11173
was published
May 24, 2022
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via...
Critical
Unreviewed
CVE-2019-18418
was published
May 24, 2022
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs...
High
Unreviewed
CVE-2019-15849
was published
May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social...
Moderate
Unreviewed
CVE-2019-0062
was published
May 24, 2022
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...
High
Unreviewed
CVE-2019-4227
was published
May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security...
Moderate
Unreviewed
CVE-2019-4304
was published
May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web...
High
Unreviewed
CVE-2019-6161
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core...
High
Unreviewed
CVE-2019-5406
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):...
Moderate
Unreviewed
CVE-2019-5400
was published
May 24, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a...
High
Unreviewed
CVE-2019-12258
was published
May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2019-4439
was published
May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login...
High
Unreviewed
CVE-2019-10120
was published
May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely...
Moderate
Unreviewed
CVE-2019-4152
was published
May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session...
Moderate
Unreviewed
CVE-2019-10045
was published
May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella...
High
Unreviewed
CVE-2019-1807
was published
May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
High
Unreviewed
CVE-2018-15208
was published
May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an...
High
Unreviewed
CVE-2019-10008
was published
May 24, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user...
Moderate
Unreviewed
CVE-2016-6040
was published
May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously...
High
Unreviewed
CVE-2016-6043
was published
May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,...
Moderate
Unreviewed
CVE-2017-5141
was published
May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate
Unreviewed
CVE-2017-5831
was published
May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack...
High
Unreviewed
CVE-2016-10205
was published
May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
High
Unreviewed
CVE-2017-6412
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API