GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
An internal product security audit discovered a session handling vulnerability in the web...
High
Unreviewed
CVE-2019-6161
was published
May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core...
High
Unreviewed
CVE-2019-5406
was published
May 24, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a...
High
Unreviewed
CVE-2019-12258
was published
May 24, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
High
CVE-2019-10371
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Magento 2 Community Edition Session Fixation Check
High
CVE-2019-7849
was published
for
magento/community-edition
(Composer)
May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login...
High
Unreviewed
CVE-2019-10120
was published
May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella...
High
Unreviewed
CVE-2019-1807
was published
May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
High
Unreviewed
CVE-2018-15208
was published
May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an...
High
Unreviewed
CVE-2019-10008
was published
May 24, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously...
High
Unreviewed
CVE-2016-6043
was published
May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack...
High
Unreviewed
CVE-2016-10205
was published
May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
High
Unreviewed
CVE-2017-6412
was published
May 17, 2022
Session fixation vulnerability in pcsd in pcs before 0.9.157.
High
Unreviewed
CVE-2016-0721
was published
May 17, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9...
High
Unreviewed
CVE-2017-4014
was published
May 17, 2022
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an...
High
Unreviewed
CVE-2016-9981
was published
May 17, 2022
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass...
High
Unreviewed
CVE-2017-11191
was published
May 17, 2022
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from...
High
Unreviewed
CVE-2017-1000150
was published
May 17, 2022
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8...
High
Unreviewed
CVE-2017-11562
was published
May 14, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon...
High
Unreviewed
CVE-2017-18125
was published
May 14, 2022
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3...
High
Unreviewed
CVE-2018-0564
was published
May 14, 2022
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session...
High
Unreviewed
CVE-2013-2049
was published
May 14, 2022
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session...
High
Unreviewed
CVE-2018-10252
was published
May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1...
High
Unreviewed
CVE-2018-11475
was published
May 14, 2022
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at...
High
Unreviewed
CVE-2018-11474
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API