GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
31 advisories
Filter by severity
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login...
Critical
Unreviewed
CVE-2024-11317
was published
Dec 5, 2024
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to...
Critical
Unreviewed
CVE-2023-52268
was published
Nov 12, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being...
Critical
Unreviewed
CVE-2023-0897
was published
Oct 26, 2023
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2023-42322
was published
Sep 20, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a...
Critical
Unreviewed
CVE-2023-41012
was published
Sep 5, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat...
Critical
Unreviewed
CVE-2023-28316
was published
May 10, 2023
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via...
Critical
Unreviewed
CVE-2019-18418
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical
Unreviewed
CVE-2021-41553
was published
May 24, 2022
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to...
Critical
Unreviewed
CVE-2023-48929
was published
Dec 8, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows...
Critical
Unreviewed
CVE-2023-31498
was published
May 11, 2023
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with...
Critical
Unreviewed
CVE-2021-39290
was published
May 24, 2022
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable...
Critical
Unreviewed
CVE-2022-22922
was published
Feb 19, 2022
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb...
Critical
Unreviewed
CVE-2021-42761
was published
Feb 16, 2023
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the...
Critical
Unreviewed
CVE-2021-20151
was published
Dec 31, 2021
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an...
Critical
Unreviewed
CVE-2017-15304
was published
May 17, 2022
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of...
Critical
Unreviewed
CVE-2018-6959
was published
May 14, 2022
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel...
Critical
Unreviewed
CVE-2018-11714
was published
May 14, 2022
The application was vulnerable to a session fixation that could be used hijack accounts.
Critical
Unreviewed
CVE-2022-40293
was published
Nov 1, 2022
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as...
Critical
Unreviewed
CVE-2018-18925
was published
May 14, 2022
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Critical
Unreviewed
CVE-2019-7747
was published
May 14, 2022
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote...
Critical
Unreviewed
CVE-2019-5523
was published
May 14, 2022
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web...
Critical
Unreviewed
CVE-2017-12965
was published
May 14, 2022
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password...
Critical
Unreviewed
CVE-2016-6545
was published
May 13, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session...
Critical
Unreviewed
CVE-2016-9125
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API