GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
286 advisories
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication... (Low; Unreviewed; CVE-2017-1270 was published May 14, 2022)
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8... (High; Unreviewed; CVE-2017-11562 was published May 14, 2022)
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of... (Critical; Unreviewed; CVE-2018-6959 was published May 14, 2022)
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3... (High; Unreviewed; CVE-2018-0564 was published May 14, 2022)
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session... (High; Unreviewed; CVE-2013-2049 was published May 14, 2022)
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the... (Moderate; Unreviewed; CVE-2018-1148 was published May 14, 2022)
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session... (High; Unreviewed; CVE-2018-10252 was published May 14, 2022)
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1... (High; Unreviewed; CVE-2018-11475 was published May 14, 2022)
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon... (High; Unreviewed; CVE-2017-18125 was published May 14, 2022)
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel... (Critical; Unreviewed; CVE-2018-11714 was published May 14, 2022)
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at... (High; Unreviewed; CVE-2018-11474 was published May 14, 2022)
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web... (High; Unreviewed; CVE-2018-14387 was published May 14, 2022)
The application was vulnerable to a session fixation that could be used to hijack accounts. (Critical; Unreviewed; CVE-2022-40293 was published Nov 1, 2022)
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to... (Moderate; Unreviewed; CVE-2018-13337 was published May 14, 2022)
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as... (Critical; Unreviewed; CVE-2018-18925 was published May 14, 2022)
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session... (High; Unreviewed; CVE-2019-7350 was published May 14, 2022)
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user... (Moderate; Unreviewed; CVE-2018-18380 was published May 14, 2022)
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password... (High; Unreviewed; CVE-2018-9082 was published May 14, 2022)
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before... (High; Unreviewed; CVE-2018-20238 was published May 14, 2022)
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. (Critical; Unreviewed; CVE-2019-7747 was published May 14, 2022)
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before... (High; Unreviewed; CVE-2017-18105 was published May 14, 2022)
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote... (Critical; Unreviewed; CVE-2019-5523 was published May 14, 2022)
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation... (High; Unreviewed; CVE-2015-5384 was published May 14, 2022)
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web... (Critical; Unreviewed; CVE-2017-12965 was published May 14, 2022)