Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
This vulnerability allows the successful attacker to gain unauthorized access to a configuration... Critical Unreviewed
CVE-2024-13967 was published Jun 4, 2025
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management... Critical Unreviewed
CVE-2025-45949 was published Apr 28, 2025
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change... Critical Unreviewed
CVE-2025-45953 was published Apr 28, 2025
Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10... Critical Unreviewed
CVE-2025-28238 was published Apr 18, 2025
Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows... Critical Unreviewed
CVE-2025-28242 was published Apr 18, 2025
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web... Critical Unreviewed
CVE-2017-12965 was published May 14, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session... Critical Unreviewed
CVE-2016-9125 was published May 13, 2022
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27661 was published Mar 5, 2025
Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Critical Unreviewed
CVE-2022-40916 was published Feb 6, 2025
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially... Critical Unreviewed
CVE-2025-24503 was published Jan 30, 2025
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2024-57052 was published Jan 28, 2025
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation... Critical Unreviewed
CVE-2024-13279 was published Jan 9, 2025
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed
CVE-2024-11317 was published Dec 5, 2024
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to... Critical Unreviewed
CVE-2023-52268 was published Nov 12, 2024
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed
CVE-2024-8643 was published Sep 27, 2024
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module Critical
CVE-2017-12868 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being... Critical Unreviewed
CVE-2023-0897 was published Oct 26, 2023
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain... Critical Unreviewed
CVE-2023-42322 was published Sep 20, 2023
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a... Critical Unreviewed
CVE-2023-41012 was published Sep 5, 2023
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat... Critical Unreviewed
CVE-2023-28316 was published May 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database