Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

283 advisories

Loading
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed
CVE-2023-50176 was published Nov 12, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed
CVE-2024-10318 was published Nov 6, 2024
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a... Moderate Unreviewed
CVE-2023-21238 was published Jul 13, 2023
In visitUris of Notification.java, there is a possible way to leak image data across user... Moderate Unreviewed
CVE-2023-21239 was published Jul 13, 2023
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed
CVE-2024-48955 was published Oct 29, 2024
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate
CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed
CVE-2024-10158 was published Oct 20, 2024
Session fixation in Elytron SAML adapters High
GHSA-5rxp-2rhr-qwqv was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed
CVE-2024-8643 was published Sep 27, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
stianst
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... High Unreviewed
CVE-2023-24477 was published Aug 9, 2023
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed
CVE-2024-45368 was published Sep 13, 2024
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive... Low Unreviewed
CVE-2023-45718 was published Feb 10, 2024
aiohttp-session Session Fixation vulnerability Moderate
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database