GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,306

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

319 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed

CVE-2019-4304 was published May 24, 2022

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed

CVE-2019-4227 was published May 24, 2022

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue... Moderate Unreviewed

CVE-2014-125048 was published Jan 6, 2023

Jenkins Google Login Plugin Session Fixation vulnerability Moderate

CVE-2018-1000173 was published for org.jenkins-ci.plugins:google-login (Maven) May 14, 2022

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High

CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed

CVE-2019-0062 was published May 24, 2022

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2019-4439 was published May 24, 2022

Session Fixation in WildFly Elytron High

CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ... High Unreviewed

CVE-2020-5654 was published May 24, 2022

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed

CVE-2020-4555 was published May 24, 2022

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed

CVE-2019-4563 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed

CVE-2020-5021 was published May 24, 2022

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed

CVE-2019-18946 was published May 24, 2022

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2... High Unreviewed

CVE-2020-35229 was published May 24, 2022

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed

CVE-2020-4954 was published May 24, 2022

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed

CVE-2020-35591 was published May 24, 2022

In VOS user session identifier (authentication token) is issued to the browser prior to... High Unreviewed

CVE-2018-16495 was published May 24, 2022

Insufficient Session Expiration in snipe/snipe-it Moderate

CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed

CVE-2021-35046 was published May 24, 2022

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed

CVE-2021-33394 was published May 24, 2022

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after... Critical Unreviewed

CVE-2021-38869 was published Apr 28, 2022

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when... High Unreviewed

CVE-2021-22927 was published May 24, 2022

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git... Moderate Unreviewed

CVE-2021-22237 was published May 24, 2022

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows... Moderate Unreviewed

CVE-2021-35948 was published May 24, 2022

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. High Unreviewed

CVE-1999-0428 was published Apr 30, 2022

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

319 advisories