GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,836

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

191 advisories

Filter by severity

Sort by

Least recently updated

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password... High Unreviewed

CVE-2018-9082 was published May 14, 2022

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user... Moderate Unreviewed

CVE-2018-18380 was published May 14, 2022

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session... High Unreviewed

CVE-2019-7350 was published May 14, 2022

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as... Critical Unreviewed

CVE-2018-18925 was published May 14, 2022

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to... Moderate Unreviewed

CVE-2018-13337 was published May 14, 2022

The application was vulnerable to a session fixation that could be used hijack accounts. Critical Unreviewed

CVE-2022-40293 was published Nov 1, 2022

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web... High Unreviewed

CVE-2018-14387 was published May 14, 2022

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at... High Unreviewed

CVE-2018-11474 was published May 14, 2022

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel... Critical Unreviewed

CVE-2018-11714 was published May 14, 2022

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon... High Unreviewed

CVE-2017-18125 was published May 14, 2022

ClipperCMS 1.3.3 allows Session Fixation. High Unreviewed

CVE-2018-11571 was published May 14, 2022

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1... High Unreviewed

CVE-2018-11475 was published May 14, 2022

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session... High Unreviewed

CVE-2018-10252 was published May 14, 2022

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the... Moderate Unreviewed

CVE-2018-1148 was published May 14, 2022

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session... High Unreviewed

CVE-2013-2049 was published May 14, 2022

Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3... High Unreviewed

CVE-2018-0564 was published May 14, 2022

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of... Critical Unreviewed

CVE-2018-6959 was published May 14, 2022

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8... High Unreviewed

CVE-2017-11562 was published May 14, 2022

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication... Low Unreviewed

CVE-2017-1270 was published May 14, 2022

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware... Moderate Unreviewed

CVE-2017-10890 was published May 17, 2022

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from... High Unreviewed

CVE-2017-1000150 was published May 17, 2022

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an... Critical Unreviewed

CVE-2017-15304 was published May 17, 2022

** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass... High Unreviewed

CVE-2017-11191 was published May 17, 2022

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could... Moderate Unreviewed

CVE-2022-34334 was published Oct 11, 2022

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All... High Unreviewed

CVE-2022-40226 was published Oct 11, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

191 advisories