Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
Moodle Session Fixation vulnerability Moderate
CVE-2010-1613 was published for moodle/moodle (Composer) May 13, 2022
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Mattermost fails to invalidate all active sessions when converting a user to a bot Low
CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Account Takeover via Session Fixation in Zitadel [Bypassing MFA] High
CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) Mar 11, 2024
amit-laish
Password Pusher Allows Session Token Interception Leading to Potential Hijacking Moderate
CVE-2024-56733 was published for pwpush (RubyGems) Dec 30, 2024
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
OpenStack Horizon Session Fixation Moderate
CVE-2012-2144 was published for horizon (pip) May 17, 2022
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate
CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database