GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,230
Composer 4,347
Erlang 31
GitHub Actions 22
Go 2,117
Maven 5,289
npm 3,768
NuGet 680
pip 3,457
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,668

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

80 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed

CVE-2014-125048 was published Jan 6, 2023

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise... Moderate Unreviewed

CVE-2022-43529 was published Jan 5, 2023

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0... Moderate Unreviewed

CVE-2022-38628 was published Dec 13, 2022

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed

CVE-2022-44788 was published Nov 22, 2022

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed

CVE-2022-30769 was published Nov 16, 2022

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2022-34334 was published Oct 11, 2022

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A... Moderate Unreviewed

CVE-2022-33927 was published Aug 11, 2022

As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed

CVE-2020-8826 was published May 24, 2022

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows... Moderate Unreviewed

CVE-2021-35948 was published May 24, 2022

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git... Moderate Unreviewed

CVE-2021-22237 was published May 24, 2022

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed

CVE-2021-35046 was published May 24, 2022

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed

CVE-2021-33394 was published May 24, 2022

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed

CVE-2019-18946 was published May 24, 2022

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed

CVE-2020-35591 was published May 24, 2022

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed

CVE-2020-4954 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed

CVE-2020-5021 was published May 24, 2022

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed

CVE-2020-4555 was published May 24, 2022

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed

CVE-2019-4563 was published May 24, 2022

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed

CVE-2019-0062 was published May 24, 2022

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed

CVE-2019-4304 was published May 24, 2022

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed

CVE-2019-5400 was published May 24, 2022

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2019-4439 was published May 24, 2022

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed

CVE-2019-4152 was published May 24, 2022

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed

CVE-2019-10045 was published May 24, 2022

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed

CVE-2016-6040 was published May 17, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

80 advisories