GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
74 advisories
Filter by severity
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when...
Moderate
Unreviewed
CVE-2021-20324
was published
Apr 19, 2022
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise...
Moderate
Unreviewed
CVE-2022-43529
was published
Jan 5, 2023
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate
Unreviewed
CVE-2017-0892
was published
May 13, 2022
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform...
Moderate
Unreviewed
CVE-2017-2145
was published
May 17, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user...
Moderate
Unreviewed
CVE-2016-6040
was published
May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with...
Moderate
Unreviewed
CVE-2017-1152
was published
May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate
Unreviewed
CVE-2017-5831
was published
May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,...
Moderate
Unreviewed
CVE-2017-5141
was published
May 17, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security...
Moderate
Unreviewed
CVE-2019-4304
was published
May 24, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue...
Moderate
Unreviewed
CVE-2014-125048
was published
Jan 6, 2023
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social...
Moderate
Unreviewed
CVE-2019-0062
was published
May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2019-4439
was published
May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2020-4555
was published
May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or...
Moderate
Unreviewed
CVE-2019-4563
was published
May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password...
Moderate
Unreviewed
CVE-2020-5021
was published
May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are...
Moderate
Unreviewed
CVE-2019-18946
was published
May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass...
Moderate
Unreviewed
CVE-2020-4954
was published
May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new...
Moderate
Unreviewed
CVE-2020-35591
was published
May 24, 2022
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to...
Moderate
Unreviewed
CVE-2021-35046
was published
May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie...
Moderate
Unreviewed
CVE-2021-33394
was published
May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git...
Moderate
Unreviewed
CVE-2021-22237
was published
May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows...
Moderate
Unreviewed
CVE-2021-35948
was published
May 24, 2022
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed...
Moderate
Unreviewed
CVE-2008-3222
was published
May 1, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed....
Moderate
Unreviewed
CVE-2019-3784
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API