GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability
High
CVE-2023-37946
was published
for
org.openshift.jenkins:openshift-login
(Maven)
Jul 12, 2023
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
rest-client Gem Vulnerable to Session Fixation
Critical
CVE-2015-1820
was published
for
rest-client
(RubyGems)
Aug 13, 2018
CodeIgniter Session Fixation Vulnerability
Critical
CVE-2018-12071
was published
for
codeigniter/framework
(Composer)
May 14, 2022
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
High
CVE-2023-22479
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Hazelcast connection caching
Critical
CVE-2022-36437
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Dec 27, 2022
Moodle Session Fixation vulnerability
High
CVE-2021-36394
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Critical
CVE-2023-24427
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2023-24424
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 26, 2023
Shopware guest session is shared between customers
Moderate
CVE-2022-24745
was published
for
shopware/platform
(Composer)
Mar 10, 2022
Apache IoTDB Session Fixation vulnerability
High
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Session fixation in express-openid-connect
Moderate
CVE-2021-41246
was published
for
express-openid-connect
(npm)
Dec 9, 2021
Session Fixation in Subrion CMS
Moderate
CVE-2020-12467
was published
for
intelliants/subrion
(Composer)
Jun 22, 2021
Concrete CMS vulnerable to Session Fixation
Moderate
CVE-2022-43687
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Session Fixation in Apache Zeppelin
High
CVE-2017-12619
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Improper user session handling in filegator
Moderate
CVE-2022-1849
was published
for
filegator/filegator
(Composer)
May 25, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
Session Fixation in WildFly Elytron
High
CVE-2020-10714
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
rdiffweb vulnerable to account access via session fixation
Critical
CVE-2022-3269
was published
for
rdiffweb
(pip)
Sep 25, 2022
ProTip!
Advisories are also available from the
GraphQL API