GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
31 advisories
Filter by severity
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the...
Critical
Unreviewed
CVE-2021-20151
was published
Dec 31, 2021
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable...
Critical
Unreviewed
CVE-2022-22922
was published
Feb 19, 2022
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after...
Critical
Unreviewed
CVE-2021-38869
was published
Apr 28, 2022
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM)...
Critical
Unreviewed
CVE-2017-3968
was published
May 13, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session...
Critical
Unreviewed
CVE-2016-9125
was published
May 13, 2022
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password...
Critical
Unreviewed
CVE-2016-6545
was published
May 13, 2022
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web...
Critical
Unreviewed
CVE-2017-12965
was published
May 14, 2022
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote...
Critical
Unreviewed
CVE-2019-5523
was published
May 14, 2022
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
Critical
Unreviewed
CVE-2019-7747
was published
May 14, 2022
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as...
Critical
Unreviewed
CVE-2018-18925
was published
May 14, 2022
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel...
Critical
Unreviewed
CVE-2018-11714
was published
May 14, 2022
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of...
Critical
Unreviewed
CVE-2018-6959
was published
May 14, 2022
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an...
Critical
Unreviewed
CVE-2017-15304
was published
May 17, 2022
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and...
Critical
Unreviewed
CVE-2015-1174
was published
May 17, 2022
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via...
Critical
Unreviewed
CVE-2019-18418
was published
May 24, 2022
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with...
Critical
Unreviewed
CVE-2021-39290
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web...
Critical
Unreviewed
CVE-2021-41553
was published
May 24, 2022
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17...
Critical
Unreviewed
CVE-2016-10405
was published
May 24, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200...
Critical
Unreviewed
CVE-2022-40630
was published
Sep 25, 2022
The application was vulnerable to a session fixation that could be used hijack accounts.
Critical
Unreviewed
CVE-2022-40293
was published
Nov 1, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious...
Critical
Unreviewed
CVE-2022-31689
was published
Nov 10, 2022
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb...
Critical
Unreviewed
CVE-2021-42761
was published
Feb 16, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat...
Critical
Unreviewed
CVE-2023-28316
was published
May 10, 2023
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows...
Critical
Unreviewed
CVE-2023-31498
was published
May 11, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a...
Critical
Unreviewed
CVE-2023-41012
was published
Sep 5, 2023
ProTip!
Advisories are also available from the
GraphQL API