GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Zend-Session session validation vulnerability
Moderate
GHSA-96c6-m98x-hxjx
was published
for
zendframework/zend-session
(Composer)
Jun 7, 2024
Zendframework session validation vulnerability
Moderate
GHSA-62f6-h68r-3jpw
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-p62r-7637-3wwc
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-q4xf-7fw5-4x8v
was published
for
illuminate/auth
(Composer)
May 15, 2024
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module
Critical
CVE-2017-12868
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
phpMyAdmin Bypass logout timeout
Moderate
CVE-2016-9851
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Magento 2 Community Edition Session Fixation Check
High
CVE-2019-7849
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony Session Fixation Vulnerability
High
CVE-2018-11385
was published
for
symfony/security
(Composer)
May 14, 2022
Symfony Session Fixation Vulnerability
Low
CVE-2015-8124
was published
for
symfony/security
(Composer)
May 14, 2022
TYPO3 is vulnerable to Session Fixation
Moderate
CVE-2010-3671
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Incorrect persistent NameID generation in SimpleSAMLphp
Critical
CVE-2017-12873
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Cookie persistence after password changes in symfony/security-bundle
Moderate
CVE-2021-41268
was published
for
symfony/security-bundle
(Composer)
Nov 24, 2021
Authentication library in TYPO3 vulnerable to session fixation
High
CVE-2009-0256
was published
for
typo3/cms
(Composer)
May 2, 2022
Symfony possible session fixation vulnerability
Moderate
CVE-2023-46733
was published
for
symfony/security-http
(Composer)
Nov 12, 2023
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
CodeIgniter Session Fixation Vulnerability
Critical
CVE-2018-12071
was published
for
codeigniter/framework
(Composer)
May 14, 2022
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Moodle Session Fixation vulnerability
High
CVE-2021-36394
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Shopware guest session is shared between customers
Moderate
CVE-2022-24745
was published
for
shopware/platform
(Composer)
Mar 10, 2022
ProTip!
Advisories are also available from the
GraphQL API