GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
Session Middleware Token Injection Vulnerability
Critical
CVE-2024-38513
was published
for
github.com/gofiber/fiber
(Go)
Jul 1, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Zend-Session session validation vulnerability
Moderate
GHSA-96c6-m98x-hxjx
was published
for
zendframework/zend-session
(Composer)
Jun 7, 2024
Zendframework session validation vulnerability
Moderate
GHSA-62f6-h68r-3jpw
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-p62r-7637-3wwc
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-q4xf-7fw5-4x8v
was published
for
illuminate/auth
(Composer)
May 15, 2024
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module
Critical
CVE-2017-12868
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
phpMyAdmin Bypass logout timeout
Moderate
CVE-2016-9851
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Enabling Authentication does not close all logged in socket connections immediately
Low
GHSA-23q2-5gf8-gjpp
was published
for
uptime-kuma
(npm)
Apr 19, 2024
zenml Session Fixation vulnerability
Moderate
CVE-2024-2260
was published
for
zenml
(pip)
Apr 16, 2024
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
com.enonic.xp:lib-auth vulnerable to Session Fixation
Critical
GHSA-4m5p-5w5w-3jcf
was published
for
com.enonic.xp:lib-auth
(Maven)
Oct 12, 2022
Liferay Portal's account lockout does not invalidate existing user sessions
Moderate
CVE-2023-47798
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Graylog session fixation vulnerability through cookie injection
Moderate
CVE-2024-24823
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Magento 2 Community Edition Session Fixation Check
High
CVE-2019-7849
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony Session Fixation Vulnerability
High
CVE-2018-11385
was published
for
symfony/security
(Composer)
May 14, 2022
Symfony Session Fixation Vulnerability
Low
CVE-2015-8124
was published
for
symfony/security
(Composer)
May 14, 2022
TYPO3 is vulnerable to Session Fixation
Moderate
CVE-2010-3671
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Incorrect persistent NameID generation in SimpleSAMLphp
Critical
CVE-2017-12873
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Cookie persistence after password changes in symfony/security-bundle
Moderate
CVE-2021-41268
was published
for
symfony/security-bundle
(Composer)
Nov 24, 2021
ProTip!
Advisories are also available from the
GraphQL API