Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login... High Unreviewed
CVE-2019-10120 was published May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella... High Unreviewed
CVE-2019-1807 was published May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. High Unreviewed
CVE-2018-15208 was published May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an... High Unreviewed
CVE-2019-10008 was published May 24, 2022
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed
CVE-2016-6040 was published May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed
CVE-2016-6043 was published May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed
CVE-2017-5141 was published May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed
CVE-2017-5831 was published May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed
CVE-2016-10205 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed
CVE-2017-6412 was published May 17, 2022
Session fixation vulnerability in pcsd in pcs before 0.9.157. High Unreviewed
CVE-2016-0721 was published May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed
CVE-2017-1152 was published May 17, 2022
phpMyAdmin Bypass logout timeout Moderate
CVE-2016-9851 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9... High Unreviewed
CVE-2017-4014 was published May 17, 2022
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform... Moderate Unreviewed
CVE-2017-2145 was published May 17, 2022
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could... Low Unreviewed
CVE-2016-9703 was published May 17, 2022
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and... Critical Unreviewed
CVE-2015-1174 was published May 17, 2022
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an... High Unreviewed
CVE-2016-9981 was published May 17, 2022
OpenStack Horizon Session Fixation Moderate
CVE-2012-2144 was published for horizon (pip) May 17, 2022
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7... Moderate Unreviewed
CVE-2014-4789 was published May 17, 2022
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass... High Unreviewed
CVE-2017-11191 was published May 17, 2022
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an... Critical Unreviewed
CVE-2017-15304 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database