Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,313
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,433
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat... Critical Unreviewed
CVE-2023-28316 was published May 10, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to... High Unreviewed
CVE-2023-30056 was published May 9, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
alextselegidis/easyappointments Session Fixation vulnerability Moderate
CVE-2023-2105 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
Moodle Session Fixation vulnerability High
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb... Critical Unreviewed
CVE-2021-42761 was published Feb 16, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin Critical
CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin Critical
CVE-2023-24427 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297... High Unreviewed
CVE-2021-29368 was published Jan 20, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed
CVE-2014-125048 was published Jan 6, 2023
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise... Moderate Unreviewed
CVE-2022-43529 was published Jan 5, 2023
Hazelcast connection caching Critical
CVE-2022-36437 was published for com.hazelcast.jet:hazelcast-jet (Maven) Dec 27, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session... High Unreviewed
CVE-2022-44017 was published Dec 25, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0... Moderate Unreviewed
CVE-2022-38628 was published Dec 13, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation Moderate
CVE-2022-4231 was published for tribalsystems/zenario (Composer) Nov 30, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed
CVE-2022-44788 was published Nov 22, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of... High Unreviewed
CVE-2022-44007 was published Nov 17, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed
CVE-2022-30769 was published Nov 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database