Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

319 advisories

Loading
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42170 was published Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42171 was published Jan 11, 2025
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2024-57052 was published Jan 28, 2025
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote... High Unreviewed
CVE-2024-56529 was published Jan 29, 2025
A UAA configured with multiple identity zones, does not properly validate session information... Moderate Unreviewed
CVE-2025-22216 was published Jan 31, 2025
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in... Moderate Unreviewed
CVE-2024-0157 was published Apr 12, 2024
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially... Critical Unreviewed
CVE-2025-24503 was published Jan 30, 2025
An improper session validation allows an unauthenticated attacker to cause certain request... Moderate Unreviewed
CVE-2025-24502 was published Jan 30, 2025
HCL iAutomate is affected by a session fixation vulnerability.  An attacker could hijack a victim... Moderate Unreviewed
CVE-2024-42207 was published Feb 5, 2025
Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Critical Unreviewed
CVE-2022-40916 was published Feb 6, 2025
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial... Moderate Unreviewed
CVE-2023-26260 was published Apr 11, 2023
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature... Moderate Unreviewed
CVE-2024-49344 was published Feb 20, 2025
Mattermost fails to invalidate all active sessions when converting a user to a bot Low
CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27661 was published Mar 5, 2025
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access... Moderate Unreviewed
CVE-2025-26658 was published Mar 11, 2025
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed
CVE-2024-48955 was published Oct 29, 2024
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
E-Mails exported as PDF were stored in a cache that did not consider specific session information... Moderate Unreviewed
CVE-2024-23193 was published May 6, 2024
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables... High Unreviewed
CVE-2025-0126 was published Apr 11, 2025
Moodle Session Fixation vulnerability Moderate
CVE-2010-1613 was published for moodle/moodle (Composer) May 13, 2022
Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session... Low Unreviewed
CVE-2024-49709 was published Apr 14, 2025
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database