GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
256 advisories
Filter by severity
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Critical
CVE-2023-24427
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297...
High
Unreviewed
CVE-2021-29368
was published
Jan 20, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
High
CVE-2023-22479
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue...
Moderate
Unreviewed
CVE-2014-125048
was published
Jan 6, 2023
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise...
Moderate
Unreviewed
CVE-2022-43529
was published
Jan 5, 2023
Hazelcast connection caching
Critical
CVE-2022-36437
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Dec 27, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session...
High
Unreviewed
CVE-2022-44017
was published
Dec 25, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could...
High
Unreviewed
CVE-2020-15679
was published
Dec 22, 2022
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0...
Moderate
Unreviewed
CVE-2022-38628
was published
Dec 13, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user...
Moderate
Unreviewed
CVE-2022-44788
was published
Nov 22, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of...
High
Unreviewed
CVE-2022-44007
was published
Nov 17, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
Concrete CMS vulnerable to Session Fixation
Moderate
CVE-2022-43687
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious...
Critical
Unreviewed
CVE-2022-31689
was published
Nov 10, 2022
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER...
High
Unreviewed
CVE-2022-43398
was published
Nov 8, 2022
The application was vulnerable to a session fixation that could be used hijack accounts.
Critical
Unreviewed
CVE-2022-40293
was published
Nov 1, 2022
com.enonic.xp:lib-auth vulnerable to Session Fixation
Critical
GHSA-4m5p-5w5w-3jcf
was published
for
com.enonic.xp:lib-auth
(Maven)
Oct 12, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2022-34334
was published
Oct 11, 2022
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All...
High
Unreviewed
CVE-2022-40226
was published
Oct 11, 2022
rdiffweb vulnerable to account access via session fixation
Critical
CVE-2022-3269
was published
for
rdiffweb
(pip)
Sep 25, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200...
Critical
Unreviewed
CVE-2022-40630
was published
Sep 25, 2022
Apache IoTDB Session Fixation vulnerability
High
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Apache Airflow Session Fixation vulnerability
Critical
CVE-2022-38054
was published
for
apache-airflow
(pip)
Sep 3, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
ProTip!
Advisories are also available from the
GraphQL API