GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
263 advisories
Filter by severity
rdiffweb vulnerable to account access via session fixation
Critical
CVE-2022-3269
was published
for
rdiffweb
(pip)
Sep 25, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2019-4439
was published
May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social...
Moderate
Unreviewed
CVE-2019-0062
was published
May 24, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
High
CVE-2019-17563
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Jenkins Google Login Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000173
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
May 14, 2022
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue...
Moderate
Unreviewed
CVE-2014-125048
was published
Jan 6, 2023
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...
High
Unreviewed
CVE-2019-4227
was published
May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security...
Moderate
Unreviewed
CVE-2019-4304
was published
May 24, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200...
Critical
Unreviewed
CVE-2022-40630
was published
Sep 25, 2022
Apache Airflow Session Fixation vulnerability
Critical
CVE-2022-38054
was published
for
apache-airflow
(pip)
Sep 3, 2022
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log...
High
Unreviewed
CVE-2022-34536
was published
Jul 20, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack...
High
Unreviewed
CVE-2016-10205
was published
May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,...
Moderate
Unreviewed
CVE-2017-5141
was published
May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate
Unreviewed
CVE-2017-5831
was published
May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
High
Unreviewed
CVE-2017-6412
was published
May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with...
Moderate
Unreviewed
CVE-2017-1152
was published
May 17, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user...
Moderate
Unreviewed
CVE-2016-6040
was published
May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously...
High
Unreviewed
CVE-2016-6043
was published
May 17, 2022
Hybridsessions does not expire session id on logout
Moderate
CVE-2022-24444
was published
for
silverstripe/hybridsessions
(Composer)
Jun 29, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9...
High
Unreviewed
CVE-2017-4014
was published
May 17, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8...
High
Unreviewed
CVE-2022-22681
was published
Jul 7, 2022
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could...
Low
Unreviewed
CVE-2016-9703
was published
May 17, 2022
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform...
Moderate
Unreviewed
CVE-2017-2145
was published
May 17, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate
Unreviewed
CVE-2017-0892
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API