GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,527

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

88 advisories

Filter by severity

Sort by

Least recently updated

In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed

CVE-2024-48955 was published Oct 29, 2024

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed

CVE-2024-45368 was published Sep 13, 2024

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user... High Unreviewed

CVE-2024-37829 was published Jul 9, 2024

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a... High Unreviewed

CVE-2024-22250 was published Feb 20, 2024

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum... High Unreviewed

CVE-2023-52353 was published Jan 22, 2024

A session hijacking vulnerability has been detected in the Imou Life application affecting... High Unreviewed

CVE-2023-6913 was published Dec 19, 2023

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on... High Unreviewed

CVE-2023-45687 was published Oct 16, 2023

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows... High Unreviewed

CVE-2023-3711 was published Sep 12, 2023

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... High Unreviewed

CVE-2023-24477 was published Aug 9, 2023

Some access control products are vulnerable to a session hijacking attack because the product... High Unreviewed

CVE-2023-28809 was published Jun 15, 2023

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to... High Unreviewed

CVE-2023-30056 was published May 9, 2023

Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed

CVE-2022-31888 was published Apr 6, 2023

Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297... High Unreviewed

CVE-2021-29368 was published Jan 20, 2023

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session... High Unreviewed

CVE-2022-44017 was published Dec 25, 2022

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed

CVE-2020-15679 was published Dec 22, 2022

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of... High Unreviewed

CVE-2022-44007 was published Nov 17, 2022

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER... High Unreviewed

CVE-2022-43398 was published Nov 8, 2022

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All... High Unreviewed

CVE-2022-40226 was published Oct 11, 2022

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6... High Unreviewed

CVE-2022-30605 was published Aug 23, 2022

Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed

CVE-2022-2820 was published Aug 16, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log... High Unreviewed

CVE-2022-34536 was published Jul 20, 2022

Session fixation vulnerability in access control management in Synology Photo Station before 6.8... High Unreviewed

CVE-2022-22681 was published Jul 7, 2022

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly... High Unreviewed

CVE-2020-25198 was published May 24, 2022

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or... High Unreviewed

CVE-2020-15909 was published May 24, 2022

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT... High Unreviewed

CVE-2020-5645 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

88 advisories