Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,... High Unreviewed
CVE-2018-5465 was published May 13, 2022
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or... High Unreviewed
CVE-2018-8852 was published May 13, 2022
GitHub Authentication Plugin session fixation vulnerability Moderate
CVE-2019-1003019 was published for org.jenkins-ci.plugins:github-oauth (Maven) May 13, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed.... Moderate Unreviewed
CVE-2019-3784 was published May 13, 2022
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens... High Unreviewed
CVE-2019-11213 was published May 13, 2022
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before... High Unreviewed
CVE-2019-0102 was published May 13, 2022
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to... High Unreviewed
CVE-2018-9026 was published May 13, 2022
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time... High Unreviewed
CVE-2018-17199 was published May 13, 2022
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1... High Unreviewed
CVE-2018-6434 was published May 13, 2022
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed... Moderate Unreviewed
CVE-2008-3222 was published May 1, 2022
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable... Low Unreviewed
CVE-2001-1534 was published Apr 30, 2022
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. High Unreviewed
CVE-1999-0428 was published Apr 30, 2022
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after... Critical Unreviewed
CVE-2021-38869 was published Apr 28, 2022
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to... High Unreviewed
CVE-2010-1434 was published Apr 21, 2022
TYPO3 is vulnerable to Session Fixation Moderate
CVE-2010-3671 was published for typo3/cms-install (Composer) Apr 21, 2022
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when... Moderate Unreviewed
CVE-2021-20324 was published Apr 19, 2022
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface... High Unreviewed
CVE-2020-25152 was published Apr 15, 2022
Session fixation Moderate
CVE-2020-5205 was published for pow (Erlang) Apr 12, 2022
Shopware guest session is shared between customers Moderate
CVE-2022-24745 was published for shopware/platform (Composer) Mar 10, 2022
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable... Critical Unreviewed
CVE-2022-22922 was published Feb 19, 2022
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session... High Unreviewed
CVE-2021-39066 was published Feb 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database