Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

287 advisories

Loading
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web... Critical Unreviewed
CVE-2021-41553 was published May 24, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused... Moderate Unreviewed
CVE-2018-11567 was published May 14, 2022
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
com.enonic.xp:lib-auth vulnerable to Session Fixation Critical
GHSA-4m5p-5w5w-3jcf was published for com.enonic.xp:lib-auth (Maven) Oct 12, 2022
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a... High Unreviewed
CVE-2024-22250 was published Feb 20, 2024
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Magento 2 Community Edition Session Fixation Check High
CVE-2019-7849 was published for magento/community-edition (Composer) May 24, 2022
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
Symfony Session Fixation Vulnerability Low
CVE-2015-8124 was published for symfony/security (Composer) May 14, 2022
TYPO3 is vulnerable to Session Fixation Moderate
CVE-2010-3671 was published for typo3/cms-install (Composer) Apr 21, 2022
Incorrect persistent NameID generation in SimpleSAMLphp Critical
CVE-2017-12873 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Session fixation in change password form Moderate
CVE-2019-12203 was published for silverstripe/framework (Composer) Nov 12, 2019
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum... High Unreviewed
CVE-2023-52353 was published Jan 22, 2024
Cookie persistence after password changes in symfony/security-bundle Moderate
CVE-2021-41268 was published for symfony/security-bundle (Composer) Nov 24, 2021
thibaut-decherit wouterj
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID... Moderate Unreviewed
CVE-2023-50920 was published Jan 12, 2024
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
A vulnerability classified as problematic has been found in SourceCodester Engineers Online... Low Unreviewed
CVE-2024-0351 was published Jan 10, 2024
GitHub Authentication Plugin session fixation vulnerability Moderate
CVE-2019-1003019 was published for org.jenkins-ci.plugins:github-oauth (Maven) May 13, 2022
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin Critical
CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Improper implementation of the session fixation protection in Infinispan Critical
CVE-2019-10158 was published for org.infinispan:infinispan-core (Maven) Jan 21, 2020
poschi3
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to... Critical Unreviewed
CVE-2023-48929 was published Dec 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database