Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

191 advisories

Loading
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the... Critical Unreviewed
CVE-2021-20151 was published Dec 31, 2021
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7... Moderate Unreviewed
CVE-2014-4789 was published May 17, 2022
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An... High Unreviewed
CVE-2022-22551 was published Jan 22, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed
CVE-2022-44788 was published Nov 22, 2022
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session... High Unreviewed
CVE-2021-39066 was published Feb 3, 2022
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297... High Unreviewed
CVE-2021-29368 was published Jan 20, 2023
Session fixation vulnerability in pcsd in pcs before 0.9.157. High Unreviewed
CVE-2016-0721 was published May 17, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb... Critical Unreviewed
CVE-2021-42761 was published Feb 16, 2023
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can... High Unreviewed
CVE-2021-44151 was published Dec 14, 2021
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. High Unreviewed
CVE-2022-31888 was published Apr 6, 2023
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER... High Unreviewed
CVE-2022-43398 was published Nov 8, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable... Critical Unreviewed
CVE-2022-22922 was published Feb 19, 2022
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Moderate Unreviewed
CVE-2023-4649 was published Aug 31, 2023
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken... Moderate Unreviewed
CVE-2023-5309 was published Nov 7, 2023
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with... Critical Unreviewed
CVE-2021-39290 was published May 24, 2022
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Moderate Unreviewed
CVE-2023-3394 was published Jun 23, 2023
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state... High Unreviewed
CVE-2021-42073 was published May 24, 2022
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows... Critical Unreviewed
CVE-2023-31498 was published May 11, 2023
A session hijacking vulnerability has been detected in the Imou Life application affecting... High Unreviewed
CVE-2023-6913 was published Dec 19, 2023
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to... Critical Unreviewed
CVE-2023-48929 was published Dec 8, 2023
A vulnerability classified as problematic has been found in SourceCodester Engineers Online... Low Unreviewed
CVE-2024-0351 was published Jan 10, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID... Moderate Unreviewed
CVE-2023-50920 was published Jan 12, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database