GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
131 advisories
Payload's SQLite adapter Session Fixation vulnerability
Moderate
CVE-2025-4644
was published
for
@payloadcms/graphql
(npm)
Aug 29, 2025
A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2025-8517
was published
Aug 4, 2025
Apache Tomcat Session Fixation vulnerability
Moderate
CVE-2025-55668
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Aug 13, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could...
Moderate
Unreviewed
CVE-2025-36117
was published
Jul 23, 2025
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter
Moderate
CVE-2025-53021
was published
for
moodle/moodle
(Composer)
Jun 24, 2025
zenml Session Fixation vulnerability
Moderate
CVE-2024-2260
was published
for
zenml
(pip)
Apr 16, 2024
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie...
Moderate
Unreviewed
CVE-2022-30769
was published
Nov 16, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user...
Moderate
Unreviewed
CVE-2022-44788
was published
Nov 22, 2022
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow...
Moderate
Unreviewed
CVE-2017-12225
was published
May 13, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate
Unreviewed
CVE-2017-0892
was published
May 13, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate
Unreviewed
CVE-2017-5831
was published
May 17, 2022
Moodle Session Fixation vulnerability
Moderate
CVE-2010-1613
was published
for
moodle/moodle
(Composer)
May 13, 2022
E-Mails exported as PDF were stored in a cache that did not consider specific session information...
Moderate
Unreviewed
CVE-2024-23193
was published
May 6, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access...
Moderate
Unreviewed
CVE-2025-26658
was published
Mar 11, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature...
Moderate
Unreviewed
CVE-2024-49344
was published
Feb 20, 2025
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial...
Moderate
Unreviewed
CVE-2023-26260
was published
Apr 11, 2023
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim...
Moderate
Unreviewed
CVE-2024-42207
was published
Feb 5, 2025
An improper session validation allows an unauthenticated attacker to cause certain request...
Moderate
Unreviewed
CVE-2025-24502
was published
Jan 30, 2025
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in...
Moderate
Unreviewed
CVE-2024-0157
was published
Apr 12, 2024
A UAA configured with multiple identity zones, does not properly validate session information...
Moderate
Unreviewed
CVE-2025-22216
was published
Jan 31, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42171
was published
Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42170
was published
Jan 11, 2025
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Moderate
CVE-2024-56733
was published
for
pwpush
(RubyGems)
Dec 30, 2024
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful...
Moderate
Unreviewed
CVE-2023-34156
was published
Jun 19, 2023