GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
74 advisories
Filter by severity
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful...
Moderate
Unreviewed
CVE-2023-34156
was published
Jun 19, 2023
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the...
Moderate
Unreviewed
CVE-2024-28144
was published
Dec 12, 2024
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
Moderate
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The...
Moderate
Unreviewed
CVE-2021-3740
was published
Nov 15, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,...
Moderate
Unreviewed
CVE-2024-10318
was published
Nov 6, 2024
In visitUris of Notification.java, there is a possible way to leak image data across user...
Moderate
Unreviewed
CVE-2023-21239
was published
Jul 13, 2023
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a...
Moderate
Unreviewed
CVE-2023-21238
was published
Jul 13, 2023
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0....
Moderate
Unreviewed
CVE-2024-10158
was published
Oct 20, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable...
Moderate
Unreviewed
CVE-2024-22318
was published
Feb 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-42345
was published
Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-38018
was published
Aug 12, 2024
As of v1.5.0, the Argo web interface authentication system issued immutable tokens....
Moderate
Unreviewed
CVE-2020-8826
was published
May 24, 2022
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or...
Moderate
Unreviewed
CVE-2023-38002
was published
Apr 30, 2024
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,...
Moderate
Unreviewed
CVE-2023-1265
was published
May 3, 2023
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0...
Moderate
Unreviewed
CVE-2022-38628
was published
Dec 13, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):...
Moderate
Unreviewed
CVE-2019-5400
was published
May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session...
Moderate
Unreviewed
CVE-2019-10045
was published
May 24, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused...
Moderate
Unreviewed
CVE-2018-11567
was published
May 14, 2022
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has...
Moderate
Unreviewed
CVE-2024-2639
was published
Mar 19, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an...
Moderate
Unreviewed
CVE-2023-50941
was published
Feb 2, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID...
Moderate
Unreviewed
CVE-2023-50920
was published
Jan 12, 2024
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Moderate
Unreviewed
CVE-2023-3394
was published
Jun 23, 2023
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken...
Moderate
Unreviewed
CVE-2023-5309
was published
Nov 7, 2023
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Moderate
Unreviewed
CVE-2023-4649
was published
Aug 31, 2023
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely...
Moderate
Unreviewed
CVE-2019-4152
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API