Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Access and integrity issue within Eclipse Jetty High
CVE-2018-12538 was published for org.eclipse.jetty:jetty-server (Maven) Oct 16, 2018
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to... High Unreviewed
CVE-2021-31745 was published Dec 11, 2021
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can... High Unreviewed
CVE-2021-44151 was published Dec 14, 2021
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An... High Unreviewed
CVE-2022-22551 was published Jan 22, 2022
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session... High Unreviewed
CVE-2021-39066 was published Feb 3, 2022
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface... High Unreviewed
CVE-2020-25152 was published Apr 15, 2022
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to... High Unreviewed
CVE-2010-1434 was published Apr 21, 2022
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. High Unreviewed
CVE-1999-0428 was published Apr 30, 2022
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1... High Unreviewed
CVE-2018-6434 was published May 13, 2022
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time... High Unreviewed
CVE-2018-17199 was published May 13, 2022
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to... High Unreviewed
CVE-2018-9026 was published May 13, 2022
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before... High Unreviewed
CVE-2019-0102 was published May 13, 2022
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens... High Unreviewed
CVE-2019-11213 was published May 13, 2022
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or... High Unreviewed
CVE-2018-8852 was published May 13, 2022
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,... High Unreviewed
CVE-2018-5465 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database