GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
265 advisories
Filter by severity
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web...
Critical
Unreviewed
CVE-2017-12965
was published
May 14, 2022
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier...
High
Unreviewed
CVE-2017-4963
was published
May 14, 2022
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and...
High
Unreviewed
CVE-2019-9744
was published
May 14, 2022
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A...
Moderate
Unreviewed
CVE-2022-33927
was published
Aug 11, 2022
Honeywell NVR devices allow remote attackers to create a user account in the admin group by...
High
Unreviewed
CVE-2017-14263
was published
May 13, 2022
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5,...
High
Unreviewed
CVE-2017-14163
was published
May 13, 2022
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting...
Moderate
Unreviewed
CVE-2017-10600
was published
May 13, 2022
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password...
Critical
Unreviewed
CVE-2016-6545
was published
May 13, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session...
Critical
Unreviewed
CVE-2016-9125
was published
May 13, 2022
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake...
Moderate
Unreviewed
CVE-2016-9574
was published
May 13, 2022
A vulnerability in the session identification management functionality of the web-based...
Moderate
Unreviewed
CVE-2018-0359
was published
May 13, 2022
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow...
Moderate
Unreviewed
CVE-2017-12225
was published
May 13, 2022
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure...
Moderate
Unreviewed
CVE-2017-1368
was published
May 13, 2022
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior,...
Moderate
Unreviewed
CVE-2018-10591
was published
May 13, 2022
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM)...
Critical
Unreviewed
CVE-2017-3968
was published
May 13, 2022
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens...
High
Unreviewed
CVE-2018-1127
was published
May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after...
High
Unreviewed
CVE-2018-1375
was published
May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute...
Moderate
Unreviewed
CVE-2018-1484
was published
May 13, 2022
IBM Jazz Foundation products could allow a user with physical access to the system to log in as...
Moderate
Unreviewed
CVE-2018-1492
was published
May 13, 2022
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session...
Moderate
Unreviewed
CVE-2018-1626
was published
May 13, 2022
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On...
Moderate
Unreviewed
CVE-2018-0229
was published
May 13, 2022
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7...
Moderate
Unreviewed
CVE-2018-13282
was published
May 13, 2022
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the...
Low
Unreviewed
CVE-2018-1962
was published
May 13, 2022
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a...
High
Unreviewed
CVE-2018-5385
was published
May 13, 2022
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,...
High
Unreviewed
CVE-2018-5465
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API