Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
Shopware guest session is shared between customers Moderate
CVE-2022-24745 was published for shopware/platform (Composer) Mar 10, 2022
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7... Moderate Unreviewed
CVE-2014-4789 was published May 17, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2022-34334 was published Oct 11, 2022
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware... Moderate Unreviewed
CVE-2017-10890 was published May 17, 2022
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the... Moderate Unreviewed
CVE-2018-1148 was published May 14, 2022
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to... Moderate Unreviewed
CVE-2018-13337 was published May 14, 2022
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user... Moderate Unreviewed
CVE-2018-18380 was published May 14, 2022
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A... Moderate Unreviewed
CVE-2022-33927 was published Aug 11, 2022
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting... Moderate Unreviewed
CVE-2017-10600 was published May 13, 2022
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake... Moderate Unreviewed
CVE-2016-9574 was published May 13, 2022
A vulnerability in the session identification management functionality of the web-based... Moderate Unreviewed
CVE-2018-0359 was published May 13, 2022
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure... Moderate Unreviewed
CVE-2017-1368 was published May 13, 2022
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior,... Moderate Unreviewed
CVE-2018-10591 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute... Moderate Unreviewed
CVE-2018-1484 was published May 13, 2022
IBM Jazz Foundation products could allow a user with physical access to the system to log in as... Moderate Unreviewed
CVE-2018-1492 was published May 13, 2022
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session... Moderate Unreviewed
CVE-2018-1626 was published May 13, 2022
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7... Moderate Unreviewed
CVE-2018-13282 was published May 13, 2022
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On... Moderate Unreviewed
CVE-2018-0229 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly'... Moderate Unreviewed
CVE-2018-1480 was published May 13, 2022
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The... Moderate Unreviewed
CVE-2018-17902 was published May 13, 2022
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not... Moderate Unreviewed
CVE-2018-1948 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable... Moderate Unreviewed
CVE-2018-1485 was published May 13, 2022
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not... Moderate Unreviewed
CVE-2018-1804 was published May 13, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed.... Moderate Unreviewed
CVE-2019-3784 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database