Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

125 advisories

Loading
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can... High Unreviewed
CVE-2021-44151 was published Dec 14, 2021
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh... High Unreviewed
CVE-2025-42602 was published Apr 23, 2025
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier... High Unreviewed
CVE-2017-4963 was published May 14, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables... High Unreviewed
CVE-2025-0126 was published Apr 11, 2025
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed
CVE-2024-48955 was published Oct 29, 2024
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote... High Unreviewed
CVE-2024-56529 was published Jan 29, 2025
Account Takeover via Session Fixation in Zitadel [Bypassing MFA] High
CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) Mar 11, 2024
amit-laish
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video... High Unreviewed
CVE-2023-34656 was published Jun 29, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed
CVE-2023-50176 was published Nov 12, 2024
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed
CVE-2024-45368 was published Sep 13, 2024
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user... High Unreviewed
CVE-2024-37829 was published Jul 9, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database