GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
114 advisories
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a...
High | Unreviewed | CVE-2024-45368 was published Sep 13, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used
High | CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
Keycloak Session Fixation vulnerability
High | CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user...
High | Unreviewed | CVE-2024-37829 was published Jul 9, 2024
TYPO3 frontend login vulnerable to Session Fixation
High | GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High | GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a...
High | Unreviewed | CVE-2024-22250 was published Feb 20, 2024
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum...
High | Unreviewed | CVE-2023-52353 was published Jan 22, 2024
A session hijacking vulnerability has been detected in the Imou Life application affecting...
High | Unreviewed | CVE-2023-6913 was published Dec 19, 2023
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on...
High | Unreviewed | CVE-2023-45687 was published Oct 16, 2023
Uptime Kuma has Persistent User Sessions
High | CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High | Unreviewed | CVE-2023-3711 was published Sep 12, 2023
Apache Airflow Session Fixation vulnerability
High | CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
High | Unreviewed | CVE-2023-24477 was published Aug 9, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability
High | CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
Some access control products are vulnerable to a session hijacking attack because the product...
High | Unreviewed | CVE-2023-28809 was published Jun 15, 2023
Jenkins CAS Plugin Session Fixation vulnerability
High | CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
High | CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to...
High | Unreviewed | CVE-2023-30056 was published May 9, 2023
Session fixation in fastify-passport
High | CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2.
High | Unreviewed | CVE-2022-31888 was published Apr 6, 2023
Moodle Session Fixation vulnerability
High | CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Session fixation vulnerability in Jenkins OpenID Plugin
High | CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High | CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297...
High | Unreviewed | CVE-2021-29368 was published Jan 20, 2023
ProTip! Advisories are also available from the GraphQL API