GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
185 advisories
Filter by severity
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user...
High
Unreviewed
CVE-2024-37829
was published
Jul 9, 2024
A session fixation vulnerability in Bludit allows an attacker to bypass the server's...
Unknown
Unreviewed
CVE-2024-24552
was published
Jun 24, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or...
Moderate
Unreviewed
CVE-2023-38002
was published
Apr 30, 2024
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs...
High
Unreviewed
CVE-2019-15849
was published
May 24, 2022
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being...
Critical
Unreviewed
CVE-2023-0897
was published
Oct 26, 2023
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on...
High
Unreviewed
CVE-2023-45687
was published
Oct 16, 2023
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2023-42322
was published
Sep 20, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High
Unreviewed
CVE-2023-3711
was published
Sep 12, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a...
Critical
Unreviewed
CVE-2023-41012
was published
Sep 5, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
High
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
Some access control products are vulnerable to a session hijacking attack because the product...
High
Unreviewed
CVE-2023-28809
was published
Jun 15, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat...
Critical
Unreviewed
CVE-2023-28316
was published
May 10, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to...
High
Unreviewed
CVE-2023-30056
was published
May 9, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,...
Moderate
Unreviewed
CVE-2023-1265
was published
May 3, 2023
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session...
High
Unreviewed
CVE-2022-44017
was published
Dec 25, 2022
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0...
Moderate
Unreviewed
CVE-2022-38628
was published
Dec 13, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side...
High
Unreviewed
CVE-2020-5894
was published
May 24, 2022
Initially, a user opens a Private Browsing Window and generates a password for a site, then...
Low
Unreviewed
CVE-2020-6824
was published
May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management...
High
Unreviewed
CVE-2020-11728
was published
May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an...
High
Unreviewed
CVE-2019-11173
was published
May 24, 2022
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via...
Critical
Unreviewed
CVE-2019-18418
was published
May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web...
High
Unreviewed
CVE-2019-6161
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):...
Moderate
Unreviewed
CVE-2019-5400
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core...
High
Unreviewed
CVE-2019-5406
was published
May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login...
High
Unreviewed
CVE-2019-10120
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API