GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Keycloak has session fixation in Elytron SAML adapters
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Session Fixation vulnerability
High
GHSA-j76j-rqwj-jmvv
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
•
withdrawn
aiohttp-session Session Fixation vulnerability
High
CVE-2018-1000519
was published
for
aiohttp-session
(pip)
Sep 13, 2018
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2024-52553
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Nov 13, 2024
Apache Kylin Session Fixation vulnerability
High
CVE-2024-23590
was published
for
org.apache.kylin:kylin
(Maven)
Nov 4, 2024
Apache Airflow Session Fixation vulnerability
High
CVE-2023-40273
was published
for
apache-airflow
(pip)
Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used
High
CVE-2024-45596
was published
for
@directus/api
(npm)
Sep 10, 2024
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Magento 2 Community Edition Session Fixation Check
High
CVE-2019-7849
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony Session Fixation Vulnerability
High
CVE-2018-11385
was published
for
symfony/security
(Composer)
May 14, 2022
Authentication library in TYPO3 vulnerable to session fixation
High
CVE-2009-0256
was published
for
typo3/cms
(Composer)
May 2, 2022
Jenkins CAS Plugin Session Fixation vulnerability
High
CVE-2023-32997
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 16, 2023
Session Fixation in Apache CXF
High
CVE-2017-5656
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Session fixation vulnerability in Jenkins
High
CVE-2021-21671
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
High
CVE-2019-10371
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Session fixation in fastify-passport
High
CVE-2023-29019
was published
for
@fastify/passport
(npm)
Apr 21, 2023
Uptime Kuma has Persistentent User Sessions
High
CVE-2023-44400
was published
for
uptime-kuma
(npm)
Oct 10, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability
High
CVE-2023-37946
was published
for
org.openshift.jenkins:openshift-login
(Maven)
Jul 12, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
High
CVE-2023-22479
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Moodle Session Fixation vulnerability
High
CVE-2021-36394
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2023-24424
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 26, 2023
Session Fixation in Apache Zeppelin
High
CVE-2017-12619
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
ProTip!
Advisories are also available from the
GraphQL API