Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,976
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,529
NuGet
615
pip
3,099
Pub
10
RubyGems
837
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+

264 advisories

Loading
Jenkins SAML Plugin Session Fixation vulnerability Moderate
CVE-2018-1000602 was published for org.jenkins-ci.plugins:saml (Maven) May 14, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows... Critical Unreviewed
CVE-2023-31498 was published May 11, 2023
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state... High Unreviewed
CVE-2021-42073 was published May 24, 2022
Symfony possible session fixation vulnerability Moderate
CVE-2023-46733 was published for symfony/security-http (Composer) Nov 12, 2023
RobertMe
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Moderate Unreviewed
CVE-2023-3394 was published Jun 23, 2023
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with... Critical Unreviewed
CVE-2021-39290 was published May 24, 2022
Session fixation vulnerability in Rails Moderate
CVE-2007-5380 was published for rails (RubyGems) Oct 24, 2017
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Uptime Kuma has Persistentent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken... Moderate Unreviewed
CVE-2023-5309 was published Nov 7, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Moderate Unreviewed
CVE-2023-4649 was published Aug 31, 2023
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Froxlor Session Fixation vulnerability Moderate
CVE-2023-3192 was published for froxlor/froxlor (Composer) Jun 11, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability High
CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
Session Fixation in ipsilon Critical
CVE-2016-8638 was published for ipsilon (pip) May 14, 2022
tdunlap607
Passport vulnerable to session regeneration when a users logs in or out Moderate
CVE-2022-25896 was published for passport (npm) Jul 2, 2022
jhutchings1
rest-client Gem Vulnerable to Session Fixation Critical
CVE-2015-1820 was published for rest-client (RubyGems) Aug 13, 2018
aiohttp-session Session Fixation vulnerability Moderate
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable... Critical Unreviewed
CVE-2022-22922 was published Feb 19, 2022
CodeIgniter Session Fixation Vulnerability Critical
CVE-2018-12071 was published for codeigniter/framework (Composer) May 14, 2022
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
ProTip! Advisories are also available from the GraphQL API