Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

339 advisories

Loading
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed
CVE-2020-35229 was published May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed
CVE-2019-18946 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed
CVE-2020-5021 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2019-4563 was published May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4555 was published May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed
CVE-2020-5654 was published May 24, 2022
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2019-4439 was published May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed
CVE-2019-0062 was published May 24, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Jenkins Google Login Plugin Session Fixation vulnerability Moderate
CVE-2018-1000173 was published for org.jenkins-ci.plugins:google-login (Maven) May 14, 2022
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed
CVE-2014-125048 was published Jan 6, 2023
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed
CVE-2019-4227 was published May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed
CVE-2019-4304 was published May 24, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200... Critical Unreviewed
CVE-2022-40630 was published Sep 25, 2022
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log... High Unreviewed
CVE-2022-34536 was published Jul 20, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed
CVE-2016-10205 was published May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed
CVE-2017-5141 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed
CVE-2017-6412 was published May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed
CVE-2017-1152 was published May 17, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed
CVE-2016-6040 was published May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed
CVE-2016-6043 was published May 17, 2022
Hybridsessions does not expire session id on logout Moderate
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9... High Unreviewed
CVE-2017-4014 was published May 17, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8... High Unreviewed
CVE-2022-22681 was published Jul 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database