GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,350
Composer 4,134
Erlang 29
GitHub Actions 19
Go 1,941
Maven 5,135
npm 3,681
NuGet 650
pip 3,298
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 231,419

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

277 advisories

Filter by severity

Sort by

Least recently updated

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after... Critical Unreviewed

CVE-2021-38869 was published Apr 28, 2022

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed

CVE-2021-33394 was published May 24, 2022

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed

CVE-2021-35046 was published May 24, 2022

Insufficient Session Expiration in snipe/snipe-it Moderate

CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022

In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed

CVE-2018-16495 was published May 24, 2022

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed

CVE-2020-35591 was published May 24, 2022

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed

CVE-2020-4954 was published May 24, 2022

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed

CVE-2020-35229 was published May 24, 2022

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed

CVE-2019-18946 was published May 24, 2022

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed

CVE-2020-15679 was published Dec 22, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed

CVE-2020-5021 was published May 24, 2022

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed

CVE-2019-4563 was published May 24, 2022

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed

CVE-2020-4555 was published May 24, 2022

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed

CVE-2020-5654 was published May 24, 2022

Session Fixation in WildFly Elytron High

CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022

rdiffweb vulnerable to account access via session fixation Critical

CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2019-4439 was published May 24, 2022

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed

CVE-2019-0062 was published May 24, 2022

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High

CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019

Jenkins Google Login Plugin Session Fixation vulnerability Moderate

CVE-2018-1000173 was published for org.jenkins-ci.plugins:google-login (Maven) May 14, 2022

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed

CVE-2014-125048 was published Jan 6, 2023

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed

CVE-2022-30769 was published Nov 16, 2022

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed

CVE-2019-4227 was published May 24, 2022

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed

CVE-2019-4304 was published May 24, 2022

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200... Critical Unreviewed

CVE-2022-40630 was published Sep 25, 2022

Previous 1 2 … 8 9 10 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

277 advisories