GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,...
High
Unreviewed
CVE-2018-5465
was published
May 13, 2022
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or...
High
Unreviewed
CVE-2018-8852
was published
May 13, 2022
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI...
High
Unreviewed
CVE-2018-2408
was published
May 13, 2022
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud...
High
Unreviewed
CVE-2018-2409
was published
May 13, 2022
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before...
High
Unreviewed
CVE-2019-0102
was published
May 13, 2022
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens...
High
Unreviewed
CVE-2019-11213
was published
May 13, 2022
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to...
High
Unreviewed
CVE-2021-31745
was published
Dec 11, 2021
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of...
High
Unreviewed
CVE-2022-44007
was published
Nov 17, 2022
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to...
High
Unreviewed
CVE-2018-9026
was published
May 13, 2022
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1...
High
Unreviewed
CVE-2018-6434
was published
May 13, 2022
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time...
High
Unreviewed
CVE-2018-17199
was published
May 13, 2022
Session Fixation in Apache Zeppelin
High
CVE-2017-12619
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6...
High
Unreviewed
CVE-2022-30605
was published
Aug 23, 2022
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to...
High
Unreviewed
CVE-2007-4188
was published
May 1, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly...
High
Unreviewed
CVE-2020-25198
was published
May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or...
High
Unreviewed
CVE-2020-15909
was published
May 24, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT...
High
Unreviewed
CVE-2020-5645
was published
May 24, 2022
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
High
Unreviewed
CVE-1999-0428
was published
Apr 30, 2022
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when...
High
Unreviewed
CVE-2021-22927
was published
May 24, 2022
In VOS user session identifier (authentication token) is issued to the browser prior to...
High
Unreviewed
CVE-2018-16495
was published
May 24, 2022
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2...
High
Unreviewed
CVE-2020-35229
was published
May 24, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could...
High
Unreviewed
CVE-2020-15679
was published
Dec 22, 2022
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series ...
High
Unreviewed
CVE-2020-5654
was published
May 24, 2022
Session Fixation in WildFly Elytron
High
CVE-2020-10714
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
High
CVE-2019-17563
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
ProTip!
Advisories are also available from the
GraphQL API