Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

196 advisories

Loading
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session... High Unreviewed
CVE-2018-10252 was published May 14, 2022
ClipperCMS 1.3.3 allows Session Fixation. High Unreviewed
CVE-2018-11571 was published May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1... High Unreviewed
CVE-2018-11475 was published May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at... High Unreviewed
CVE-2018-11474 was published May 14, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused... Moderate Unreviewed
CVE-2018-11567 was published May 14, 2022
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel... Critical Unreviewed
CVE-2018-11714 was published May 14, 2022
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web... High Unreviewed
CVE-2018-14387 was published May 14, 2022
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to... Moderate Unreviewed
CVE-2018-13337 was published May 14, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password... High Unreviewed
CVE-2018-9082 was published May 14, 2022
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user... Moderate Unreviewed
CVE-2018-18380 was published May 14, 2022
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as... Critical Unreviewed
CVE-2018-18925 was published May 14, 2022
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session... High Unreviewed
CVE-2019-7350 was published May 14, 2022
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. Critical Unreviewed
CVE-2019-7747 was published May 14, 2022
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before... High Unreviewed
CVE-2018-20238 was published May 14, 2022
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before... High Unreviewed
CVE-2017-18105 was published May 14, 2022
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote... Critical Unreviewed
CVE-2019-5523 was published May 14, 2022
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation... High Unreviewed
CVE-2015-5384 was published May 14, 2022
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web... Critical Unreviewed
CVE-2017-12965 was published May 14, 2022
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and... High Unreviewed
CVE-2019-9744 was published May 14, 2022
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier... High Unreviewed
CVE-2017-4963 was published May 14, 2022
Honeywell NVR devices allow remote attackers to create a user account in the admin group by... High Unreviewed
CVE-2017-14263 was published May 13, 2022
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5,... High Unreviewed
CVE-2017-14163 was published May 13, 2022
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting... Moderate Unreviewed
CVE-2017-10600 was published May 13, 2022
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password... Critical Unreviewed
CVE-2016-6545 was published May 13, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session... Critical Unreviewed
CVE-2016-9125 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database