Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a... High Unreviewed
CVE-2018-5385 was published May 13, 2022
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI... High Unreviewed
CVE-2018-2408 was published May 13, 2022
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud... High Unreviewed
CVE-2018-2409 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after... High Unreviewed
CVE-2018-1375 was published May 13, 2022
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens... High Unreviewed
CVE-2018-1127 was published May 13, 2022
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5,... High Unreviewed
CVE-2017-14163 was published May 13, 2022
Honeywell NVR devices allow remote attackers to create a user account in the admin group by... High Unreviewed
CVE-2017-14263 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier... High Unreviewed
CVE-2017-4963 was published May 14, 2022
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and... High Unreviewed
CVE-2019-9744 was published May 14, 2022
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation... High Unreviewed
CVE-2015-5384 was published May 14, 2022
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before... High Unreviewed
CVE-2017-18105 was published May 14, 2022
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before... High Unreviewed
CVE-2018-20238 was published May 14, 2022
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session... High Unreviewed
CVE-2019-7350 was published May 14, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password... High Unreviewed
CVE-2018-9082 was published May 14, 2022
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web... High Unreviewed
CVE-2018-14387 was published May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at... High Unreviewed
CVE-2018-11474 was published May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1... High Unreviewed
CVE-2018-11475 was published May 14, 2022
ClipperCMS 1.3.3 allows Session Fixation. High Unreviewed
CVE-2018-11571 was published May 14, 2022
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session... High Unreviewed
CVE-2018-10252 was published May 14, 2022
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session... High Unreviewed
CVE-2013-2049 was published May 14, 2022
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3... High Unreviewed
CVE-2018-0564 was published May 14, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon... High Unreviewed
CVE-2017-18125 was published May 14, 2022
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8... High Unreviewed
CVE-2017-11562 was published May 14, 2022
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from... High Unreviewed
CVE-2017-1000150 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database