Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

232 advisories

Loading
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation... Critical Unreviewed
CVE-2024-13279 was published Jan 9, 2025
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed
CVE-2024-28144 was published Dec 12, 2024
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed
CVE-2024-11317 was published Dec 5, 2024
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed
CVE-2021-3740 was published Nov 15, 2024
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to... Critical Unreviewed
CVE-2023-52268 was published Nov 12, 2024
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed
CVE-2023-50176 was published Nov 12, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed
CVE-2024-10318 was published Nov 6, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed
CVE-2024-48955 was published Oct 29, 2024
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed
CVE-2024-10158 was published Oct 20, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed
CVE-2024-8643 was published Sep 27, 2024
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed
CVE-2024-45368 was published Sep 13, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user... High Unreviewed
CVE-2024-37829 was published Jul 9, 2024
A session fixation vulnerability in Bludit allows an attacker to bypass the server's... Unknown Unreviewed
CVE-2024-24552 was published Jun 24, 2024
E-Mails exported as PDF were stored in a cache that did not consider specific session information... Moderate Unreviewed
CVE-2024-23193 was published May 6, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or... Moderate Unreviewed
CVE-2023-38002 was published Apr 30, 2024
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in... Moderate Unreviewed
CVE-2024-0157 was published Apr 12, 2024
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a... High Unreviewed
CVE-2024-22250 was published Feb 20, 2024
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive... Low Unreviewed
CVE-2023-45718 was published Feb 10, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum... High Unreviewed
CVE-2023-52353 was published Jan 22, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID... Moderate Unreviewed
CVE-2023-50920 was published Jan 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database