GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
256 advisories
Filter by severity
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2023-42322
was published
Sep 20, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High
Unreviewed
CVE-2023-3711
was published
Sep 12, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a...
Critical
Unreviewed
CVE-2023-41012
was published
Sep 5, 2023
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Moderate
Unreviewed
CVE-2023-4649
was published
Aug 31, 2023
Apache Airflow Session Fixation vulnerability
High
CVE-2023-40273
was published
for
apache-airflow
(pip)
Aug 23, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
High
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability
High
CVE-2023-37946
was published
for
org.openshift.jenkins:openshift-login
(Maven)
Jul 12, 2023
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Moderate
Unreviewed
CVE-2023-3394
was published
Jun 23, 2023
Some access control products are vulnerable to a session hijacking attack because the product...
High
Unreviewed
CVE-2023-28809
was published
Jun 15, 2023
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
Jenkins CAS Plugin Session Fixation vulnerability
High
CVE-2023-32997
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High
CVE-2023-33005
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 16, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows...
Critical
Unreviewed
CVE-2023-31498
was published
May 11, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat...
Critical
Unreviewed
CVE-2023-28316
was published
May 10, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to...
High
Unreviewed
CVE-2023-30056
was published
May 9, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,...
Moderate
Unreviewed
CVE-2023-1265
was published
May 3, 2023
Session fixation in fastify-passport
High
CVE-2023-29019
was published
for
@fastify/passport
(npm)
Apr 21, 2023
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
High
Unreviewed
CVE-2022-31888
was published
Apr 6, 2023
Moodle Session Fixation vulnerability
High
CVE-2021-36394
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb...
Critical
Unreviewed
CVE-2021-42761
was published
Feb 16, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Critical
CVE-2023-24456
was published
for
org.jenkins-ci.plugins:keycloak
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins OpenID Plugin
High
CVE-2023-24444
was published
for
org.jenkins-ci.plugins:openid
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2023-24424
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API