Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

273 advisories

Loading
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT... High Unreviewed
CVE-2020-5645 was published May 24, 2022
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17... Critical Unreviewed
CVE-2016-10405 was published May 24, 2022
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state... High Unreviewed
CVE-2021-42073 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web... Critical Unreviewed
CVE-2021-41553 was published May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows... Moderate Unreviewed
CVE-2021-35948 was published May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git... Moderate Unreviewed
CVE-2021-22237 was published May 24, 2022
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with... Critical Unreviewed
CVE-2021-39290 was published May 24, 2022
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when... High Unreviewed
CVE-2021-22927 was published May 24, 2022
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed
CVE-2021-35046 was published May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed
CVE-2021-33394 was published May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed
CVE-2018-16495 was published May 24, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed
CVE-2020-35229 was published May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed
CVE-2019-18946 was published May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed
CVE-2020-35591 was published May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed
CVE-2020-4954 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed
CVE-2020-5021 was published May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4555 was published May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed
CVE-2020-5654 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2019-4563 was published May 24, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side... High Unreviewed
CVE-2020-5894 was published May 24, 2022
Initially, a user opens a Private Browsing Window and generates a password for a site, then... Low Unreviewed
CVE-2020-6824 was published May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management... High Unreviewed
CVE-2020-11728 was published May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... High Unreviewed
CVE-2019-11173 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API