Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31 advisories

Loading
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
com.enonic.xp:lib-auth vulnerable to Session Fixation Critical
GHSA-4m5p-5w5w-3jcf was published for com.enonic.xp:lib-auth (Maven) Oct 12, 2022
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
GitHub Authentication Plugin session fixation vulnerability Moderate
CVE-2019-1003019 was published for org.jenkins-ci.plugins:github-oauth (Maven) May 13, 2022
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin Critical
CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Improper implementation of the session fixation protection in Infinispan Critical
CVE-2019-10158 was published for org.infinispan:infinispan-core (Maven) Jan 21, 2020
poschi3
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Session Fixation in Jenkins Moderate
CVE-2018-1000409 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin Session Fixation vulnerability Moderate
CVE-2018-1000602 was published for org.jenkins-ci.plugins:saml (Maven) May 14, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability High
CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
Hazelcast connection caching Critical
CVE-2022-36437 was published for com.hazelcast.jet:hazelcast-jet (Maven) Dec 27, 2022
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin Critical
CVE-2023-24427 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
ProTip! Advisories are also available from the GraphQL API