GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
114 advisories
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass...
High | Unreviewed | CVE-2017-11191 was published May 17, 2022

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from...
High | Unreviewed | CVE-2017-1000150 was published May 17, 2022

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8...
High | Unreviewed | CVE-2017-11562 was published May 14, 2022

Apache IoTDB Session Fixation vulnerability
High | CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022

Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3...
High | Unreviewed | CVE-2018-0564 was published May 14, 2022

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session...
High | Unreviewed | CVE-2013-2049 was published May 14, 2022

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session...
High | Unreviewed | CVE-2018-10252 was published May 14, 2022

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1...
High | Unreviewed | CVE-2018-11475 was published May 14, 2022

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon...
High | Unreviewed | CVE-2017-18125 was published May 14, 2022

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at...
High | Unreviewed | CVE-2018-11474 was published May 14, 2022

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web...
High | Unreviewed | CVE-2018-14387 was published May 14, 2022

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session...
High | Unreviewed | CVE-2019-7350 was published May 14, 2022

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password...
High | Unreviewed | CVE-2018-9082 was published May 14, 2022

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before...
High | Unreviewed | CVE-2018-20238 was published May 14, 2022

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before...
High | Unreviewed | CVE-2017-18105 was published May 14, 2022

AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation...
High | Unreviewed | CVE-2015-5384 was published May 14, 2022

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier...
High | Unreviewed | CVE-2017-4963 was published May 14, 2022

An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and...
High | Unreviewed | CVE-2019-9744 was published May 14, 2022

Honeywell NVR devices allow remote attackers to create a user account in the admin group by...
High | Unreviewed | CVE-2017-14263 was published May 13, 2022

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5,...
High | Unreviewed | CVE-2017-14163 was published May 13, 2022

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens...
High | Unreviewed | CVE-2018-1127 was published May 13, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after...
High | Unreviewed | CVE-2018-1375 was published May 13, 2022

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a...
High | Unreviewed | CVE-2018-5385 was published May 13, 2022

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,...
High | Unreviewed | CVE-2018-5465 was published May 13, 2022