Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

87 advisories

Loading
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
OpenStack Horizon Session Fixation Moderate
CVE-2012-2144 was published for horizon (pip) May 17, 2022
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate
CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Zend-Session session validation vulnerability Moderate
GHSA-96c6-m98x-hxjx was published for zendframework/zend-session (Composer) Jun 7, 2024
Zendframework session validation vulnerability Moderate
GHSA-62f6-h68r-3jpw was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling Moderate
GHSA-xmgr-jff3-fcfv was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-p62r-7637-3wwc was published for laravel/framework (Composer) May 15, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) May 15, 2024
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module Critical
CVE-2017-12868 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API