GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
339 advisories
A session management issue was addressed with improved checks. This issue is fixed in macOS...
Low · Unreviewed · CVE-2025-43516 was published Dec 12, 2025

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to...
High · Unreviewed · CVE-2023-53741 was published Dec 10, 2025

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to...
High · Unreviewed · CVE-2023-53776 was published Dec 11, 2025

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to...
High · Unreviewed · CVE-2023-53775 was published Dec 11, 2025

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All...
High · Unreviewed · CVE-2022-40226 was published Oct 11, 2022

Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
Low · CVE-2025-65681 was published for tutor (pip) Nov 26, 2025

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that...
Moderate · Unreviewed · CVE-2025-63529 was published Dec 1, 2025

Keycloak vulnerable to session takeovers due to reuse of session identifiers
Moderate · CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025

A vulnerability in the web management interface of the AOS-CX OS user authentication service...
Moderate · Unreviewed · CVE-2025-37159 was published Nov 18, 2025

Session is cached for OpenID and OAuth2 if `redirect` is not used
High · CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024

Apache Tomcat Session Fixation vulnerability
Moderate · CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the...
Moderate · Unreviewed · CVE-2024-28144 was published Dec 12, 2024

CKAN vulnerable to fixed session IDs
Moderate · CVE-2025-64100 was published for ckan (pip) Oct 29, 2025

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session...
Low · Unreviewed · CVE-2024-49709 was published Apr 14, 2025

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful...
Low · Unreviewed · CVE-2025-56746 was published Oct 15, 2025

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session...
High · Unreviewed · CVE-2025-10228 was published Oct 14, 2025

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High · Unreviewed · CVE-2023-3711 was published Sep 12, 2023

Payload's SQLite adapter Session Fixation vulnerability
Moderate · CVE-2025-4644 was published for @payloadcms/graphql (npm) Aug 29, 2025

A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by...
Moderate · Unreviewed · CVE-2025-8517 was published Aug 4, 2025

File Browser’s insecure JWT handling can lead to session replay attacks after logout
High · CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain...
Low · Unreviewed · CVE-2025-0253 was published Jul 25, 2025

HCL IEM is affected by a concurrent login vulnerability. The application allows multiple...
Low · Unreviewed · CVE-2025-0251 was published Jul 25, 2025

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could...
Moderate · Unreviewed · CVE-2025-36117 was published Jul 23, 2025

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a...
Critical · Unreviewed · CVE-2025-52689 was published Jul 16, 2025

aiohttp-session Session Fixation vulnerability
High · CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018