Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed
CVE-2019-4304 was published May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed
CVE-2019-0062 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2019-4563 was published May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4555 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed
CVE-2020-5021 was published May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed
CVE-2020-4954 was published May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed
CVE-2020-35591 was published May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed
CVE-2019-18946 was published May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed
CVE-2021-33394 was published May 24, 2022
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed
CVE-2021-35046 was published May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git... Moderate Unreviewed
CVE-2021-22237 was published May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows... Moderate Unreviewed
CVE-2021-35948 was published May 24, 2022
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
Hybridsessions does not expire session id on logout Moderate
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022
Passport vulnerable to session regeneration when a users logs in or out Moderate
CVE-2022-25896 was published for passport (npm) Jul 2, 2022
jhutchings1
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A... Moderate Unreviewed
CVE-2022-33927 was published Aug 11, 2022
Insufficient Session Expiration in snipe/snipe-it Moderate
CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2022-34334 was published Oct 11, 2022
Concrete CMS vulnerable to Session Fixation Moderate
CVE-2022-43687 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed
CVE-2022-30769 was published Nov 16, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed
CVE-2022-44788 was published Nov 22, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation Moderate
CVE-2022-4231 was published for tribalsystems/zenario (Composer) Nov 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database