GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,976
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,528
NuGet
615
pip
3,099
Pub
10
RubyGems
837
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs...
High
Unreviewed
CVE-2019-15849
was published
May 24, 2022
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on...
High
Unreviewed
CVE-2023-45687
was published
Oct 16, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High
Unreviewed
CVE-2023-3711
was published
Sep 12, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
High
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
Some access control products are vulnerable to a session hijacking attack because the product...
High
Unreviewed
CVE-2023-28809
was published
Jun 15, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to...
High
Unreviewed
CVE-2023-30056
was published
May 9, 2023
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session...
High
Unreviewed
CVE-2022-44017
was published
Dec 25, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side...
High
Unreviewed
CVE-2020-5894
was published
May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management...
High
Unreviewed
CVE-2020-11728
was published
May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
High
Unreviewed
CVE-2019-11173
was published
May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web...
High
Unreviewed
CVE-2019-6161
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core...
High
Unreviewed
CVE-2019-5406
was published
May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login...
High
Unreviewed
CVE-2019-10120
was published
May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella...
High
Unreviewed
CVE-2019-1807
was published
May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
High
Unreviewed
CVE-2018-15208
was published
May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an...
High
Unreviewed
CVE-2019-10008
was published
May 24, 2022
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a...
High
Unreviewed
CVE-2024-22250
was published
Feb 20, 2024
Magento 2 Community Edition Session Fixation Check
High
CVE-2019-7849
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony Session Fixation Vulnerability
High
CVE-2018-11385
was published
for
symfony/security
(Composer)
May 14, 2022
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum...
High
Unreviewed
CVE-2023-52353
was published
Jan 22, 2024
Authentication library in TYPO3 vulnerable to session fixation
High
CVE-2009-0256
was published
for
typo3/cms
(Composer)
May 2, 2022
Jenkins CAS Plugin Session Fixation vulnerability
High
CVE-2023-32997
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 16, 2023
Session Fixation in Apache CXF
High
CVE-2017-5656
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API