Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
Session fixation in Elytron SAML adapters High
GHSA-5rxp-2rhr-qwqv was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
stianst
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Uptime Kuma has Persistentent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability High
CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Moodle Session Fixation vulnerability High
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Apache IoTDB Session Fixation vulnerability High
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
Magento 2 Community Edition Session Fixation Check High
CVE-2019-7849 was published for magento/community-edition (Composer) May 24, 2022
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API