Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

282 advisories

Loading
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session... High Unreviewed
CVE-2022-44017 was published Dec 25, 2022
Hazelcast connection caching Critical
CVE-2022-36437 was published for com.hazelcast.jet:hazelcast-jet (Maven) Dec 27, 2022
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise... Moderate Unreviewed
CVE-2022-43529 was published Jan 5, 2023
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed
CVE-2014-125048 was published Jan 6, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297... High Unreviewed
CVE-2021-29368 was published Jan 20, 2023
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin Critical
CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin Critical
CVE-2023-24427 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb... Critical Unreviewed
CVE-2021-42761 was published Feb 16, 2023
Moodle Session Fixation vulnerability High
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
alextselegidis/easyappointments Session Fixation vulnerability Moderate
CVE-2023-2105 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to... High Unreviewed
CVE-2023-30056 was published May 9, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat... Critical Unreviewed
CVE-2023-28316 was published May 10, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows... Critical Unreviewed
CVE-2023-31498 was published May 11, 2023
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Froxlor Session Fixation vulnerability Moderate
CVE-2023-3192 was published for froxlor/froxlor (Composer) Jun 11, 2023
Some access control products are vulnerable to a session hijacking attack because the product... High Unreviewed
CVE-2023-28809 was published Jun 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database