Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
Access and integrity issue within Eclipse Jetty High
CVE-2018-12538 was published for org.eclipse.jetty:jetty-server (Maven) Oct 16, 2018
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface... High Unreviewed
CVE-2020-25152 was published Apr 15, 2022
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to... High Unreviewed
CVE-2010-1434 was published Apr 21, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a... High Unreviewed
CVE-2019-12258 was published May 24, 2022
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an... High Unreviewed
CVE-2016-9981 was published May 17, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8... High Unreviewed
CVE-2022-22681 was published Jul 7, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9... High Unreviewed
CVE-2017-4014 was published May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed
CVE-2016-6043 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed
CVE-2017-6412 was published May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed
CVE-2016-10205 was published May 17, 2022
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log... High Unreviewed
CVE-2022-34536 was published Jul 20, 2022
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed
CVE-2019-4227 was published May 24, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed
CVE-2020-5654 was published May 24, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed
CVE-2020-35229 was published May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed
CVE-2018-16495 was published May 24, 2022
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when... High Unreviewed
CVE-2021-22927 was published May 24, 2022
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. High Unreviewed
CVE-1999-0428 was published Apr 30, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT... High Unreviewed
CVE-2020-5645 was published May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or... High Unreviewed
CVE-2020-15909 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API