GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Access and integrity issue within Eclipse Jetty
High
CVE-2018-12538
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 16, 2018
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Session Fixation in Apache Zeppelin
High
CVE-2017-12619
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
High
CVE-2019-17563
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Session Fixation in WildFly Elytron
High
CVE-2020-10714
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Session Fixation in Apache CXF
High
CVE-2017-5656
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
High
CVE-2019-10371
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Session fixation vulnerability in Jenkins
High
CVE-2021-21671
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2023-24424
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins OpenID Plugin
High
CVE-2023-24444
was published
for
org.jenkins-ci.plugins:openid
(Maven)
Jan 26, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
Jenkins CAS Plugin Session Fixation vulnerability
High
CVE-2023-32997
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 16, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability
High
CVE-2023-37946
was published
for
org.openshift.jenkins:openshift-login
(Maven)
Jul 12, 2023
Duplicate Advisory: Keycloak Session Fixation vulnerability
High
GHSA-j76j-rqwj-jmvv
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
•
withdrawn
Keycloak has session fixation in Elytron SAML adapters
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Apache Kylin Session Fixation vulnerability
High
CVE-2024-23590
was published
for
org.apache.kylin:kylin
(Maven)
Nov 4, 2024
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API