GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,289

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

263 advisories

Filter by severity

Sort by

Least recently updated

rdiffweb vulnerable to account access via session fixation Critical

CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2019-4439 was published May 24, 2022

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed

CVE-2019-0062 was published May 24, 2022

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High

CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019

Jenkins Google Login Plugin Session Fixation vulnerability Moderate

CVE-2018-1000173 was published for org.jenkins-ci.plugins:google-login (Maven) May 14, 2022

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed

CVE-2014-125048 was published Jan 6, 2023

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed

CVE-2022-30769 was published Nov 16, 2022

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed

CVE-2019-4227 was published May 24, 2022

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed

CVE-2019-4304 was published May 24, 2022

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200... Critical Unreviewed

CVE-2022-40630 was published Sep 25, 2022

Apache Airflow Session Fixation vulnerability Critical

CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log... High Unreviewed

CVE-2022-34536 was published Jul 20, 2022

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed

CVE-2016-10205 was published May 17, 2022

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed

CVE-2017-5141 was published May 17, 2022

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed

CVE-2017-5831 was published May 17, 2022

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed

CVE-2017-6412 was published May 17, 2022

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed

CVE-2017-1152 was published May 17, 2022

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed

CVE-2016-6040 was published May 17, 2022

Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed

CVE-2016-6043 was published May 17, 2022

Hybridsessions does not expire session id on logout Moderate

CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9... High Unreviewed

CVE-2017-4014 was published May 17, 2022

Session fixation vulnerability in access control management in Synology Photo Station before 6.8... High Unreviewed

CVE-2022-22681 was published Jul 7, 2022

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could... Low Unreviewed

CVE-2016-9703 was published May 17, 2022

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform... Moderate Unreviewed

CVE-2017-2145 was published May 17, 2022

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an... Moderate Unreviewed

CVE-2017-0892 was published May 13, 2022

Previous 1 2 … 7 8 9 10 11 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

263 advisories