Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) May 15, 2024
E-Mails exported as PDF were stored in a cache that did not consider specific session information... Moderate Unreviewed
CVE-2024-23193 was published May 6, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or... Moderate Unreviewed
CVE-2023-38002 was published Apr 30, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in... Moderate Unreviewed
CVE-2024-0157 was published Apr 12, 2024
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID... Moderate Unreviewed
CVE-2023-50920 was published Jan 12, 2024
Password Change Vulnerability Moderate
CVE-2023-49804 was published for uptime-kuma (npm) Dec 12, 2023
manoonabbasi
Symfony possible session fixation vulnerability Moderate
CVE-2023-46733 was published for symfony/security-http (Composer) Nov 12, 2023
RobertMe
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken... Moderate Unreviewed
CVE-2023-5309 was published Nov 7, 2023
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Moderate Unreviewed
CVE-2023-4649 was published Aug 31, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... Moderate Unreviewed
CVE-2023-24477 was published Aug 9, 2023
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a... Moderate Unreviewed
CVE-2023-21238 was published Jul 13, 2023
In visitUris of Notification.java, there is a possible way to leak image data across user... Moderate Unreviewed
CVE-2023-21239 was published Jul 13, 2023
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Moderate Unreviewed
CVE-2023-3394 was published Jun 23, 2023
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful... Moderate Unreviewed
CVE-2023-34156 was published Jun 19, 2023
Froxlor Session Fixation vulnerability Moderate
CVE-2023-3192 was published for froxlor/froxlor (Composer) Jun 11, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
alextselegidis/easyappointments Session Fixation vulnerability Moderate
CVE-2023-2105 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database