Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

339 advisories

Loading
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed
CVE-2021-35046 was published May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed
CVE-2021-33394 was published May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed
CVE-2018-16495 was published May 24, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed
CVE-2020-35229 was published May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed
CVE-2019-18946 was published May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed
CVE-2020-35591 was published May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed
CVE-2020-4954 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed
CVE-2020-5021 was published May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4555 was published May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed
CVE-2020-5654 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2019-4563 was published May 24, 2022
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side... High Unreviewed
CVE-2020-5894 was published May 24, 2022
Initially, a user opens a Private Browsing Window and generates a password for a site, then... Low Unreviewed
CVE-2020-6824 was published May 24, 2022
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management... High Unreviewed
CVE-2020-11728 was published May 24, 2022
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an... High Unreviewed
CVE-2019-11173 was published May 24, 2022
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via... Critical Unreviewed
CVE-2019-18418 was published May 24, 2022
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs... High Unreviewed
CVE-2019-15849 was published May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed
CVE-2019-0062 was published May 24, 2022
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed
CVE-2019-4227 was published May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed
CVE-2019-4304 was published May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web... High Unreviewed
CVE-2019-6161 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core... High Unreviewed
CVE-2019-5406 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a... High Unreviewed
CVE-2019-12258 was published May 24, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database