GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
Session Middleware Token Injection Vulnerability
Critical
CVE-2024-38513
was published
for
github.com/gofiber/fiber
(Go)
Jul 1, 2024
Session fixation in Enonic XP
Critical
CVE-2024-23679
was published
for
com.enonic.xp:lib-auth
(Maven)
Jan 19, 2024
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to...
Critical
Unreviewed
CVE-2023-48929
was published
Dec 8, 2023
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being...
Critical
Unreviewed
CVE-2023-0897
was published
Oct 26, 2023
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2023-42322
was published
Sep 20, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a...
Critical
Unreviewed
CVE-2023-41012
was published
Sep 5, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows...
Critical
Unreviewed
CVE-2023-31498
was published
May 11, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat...
Critical
Unreviewed
CVE-2023-28316
was published
May 10, 2023
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb...
Critical
Unreviewed
CVE-2021-42761
was published
Feb 16, 2023
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Critical
CVE-2023-24456
was published
for
org.jenkins-ci.plugins:keycloak
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Critical
CVE-2023-24427
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
Hazelcast connection caching
Critical
CVE-2022-36437
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Dec 27, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious...
Critical
Unreviewed
CVE-2022-31689
was published
Nov 10, 2022
The application was vulnerable to a session fixation that could be used hijack accounts.
Critical
Unreviewed
CVE-2022-40293
was published
Nov 1, 2022
com.enonic.xp:lib-auth vulnerable to Session Fixation
Critical
GHSA-4m5p-5w5w-3jcf
was published
for
com.enonic.xp:lib-auth
(Maven)
Oct 12, 2022
rdiffweb vulnerable to account access via session fixation
Critical
CVE-2022-3269
was published
for
rdiffweb
(pip)
Sep 25, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200...
Critical
Unreviewed
CVE-2022-40630
was published
Sep 25, 2022
Apache Airflow Session Fixation vulnerability
Critical
CVE-2022-38054
was published
for
apache-airflow
(pip)
Sep 3, 2022
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17...
Critical
Unreviewed
CVE-2016-10405
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical
Unreviewed
CVE-2021-41553
was published
May 24, 2022
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with...
Critical
Unreviewed
CVE-2021-39290
was published
May 24, 2022
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via...
Critical
Unreviewed
CVE-2019-18418
was published
May 24, 2022
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and...
Critical
Unreviewed
CVE-2015-1174
was published
May 17, 2022
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an...
Critical
Unreviewed
CVE-2017-15304
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API