GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
Moderate
Unreviewed
CVE-2023-4649
was published
Aug 31, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
Moderate
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a...
Moderate
Unreviewed
CVE-2023-21238
was published
Jul 13, 2023
In visitUris of Notification.java, there is a possible way to leak image data across user...
Moderate
Unreviewed
CVE-2023-21239
was published
Jul 13, 2023
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Moderate
Unreviewed
CVE-2023-3394
was published
Jun 23, 2023
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,...
Moderate
Unreviewed
CVE-2023-1265
was published
May 3, 2023
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue...
Moderate
Unreviewed
CVE-2014-125048
was published
Jan 6, 2023
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise...
Moderate
Unreviewed
CVE-2022-43529
was published
Jan 5, 2023
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0...
Moderate
Unreviewed
CVE-2022-38628
was published
Dec 13, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user...
Moderate
Unreviewed
CVE-2022-44788
was published
Nov 22, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
Concrete CMS vulnerable to Session Fixation
Moderate
CVE-2022-43687
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could...
Moderate
Unreviewed
CVE-2022-34334
was published
Oct 11, 2022
Apache IoTDB Session Fixation vulnerability
Moderate
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A...
Moderate
Unreviewed
CVE-2022-33927
was published
Aug 11, 2022
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
Hybridsessions does not expire session id on logout
Moderate
CVE-2022-24444
was published
for
silverstripe/hybridsessions
(Composer)
Jun 29, 2022
Improper user session handling in filegator
Moderate
CVE-2022-1849
was published
for
filegator/filegator
(Composer)
May 25, 2022
As of v1.5.0, the Argo web interface authentication system issued immutable tokens....
Moderate
Unreviewed
CVE-2020-8826
was published
May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows...
Moderate
Unreviewed
CVE-2021-35948
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API