Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows... Moderate Unreviewed
CVE-2021-35948 was published May 24, 2022
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git... Moderate Unreviewed
CVE-2021-22237 was published May 24, 2022
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to... Moderate Unreviewed
CVE-2021-35046 was published May 24, 2022
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie... Moderate Unreviewed
CVE-2021-33394 was published May 24, 2022
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are... Moderate Unreviewed
CVE-2019-18946 was published May 24, 2022
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new... Moderate Unreviewed
CVE-2020-35591 was published May 24, 2022
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass... Moderate Unreviewed
CVE-2020-4954 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password... Moderate Unreviewed
CVE-2020-5021 was published May 24, 2022
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2020-4555 was published May 24, 2022
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2019-4563 was published May 24, 2022
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social... Moderate Unreviewed
CVE-2019-0062 was published May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed
CVE-2019-4304 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2019-4439 was published May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed
CVE-2016-6040 was published May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed
CVE-2017-5141 was published May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed
CVE-2017-5831 was published May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed
CVE-2017-1152 was published May 17, 2022
phpMyAdmin Bypass logout timeout Moderate
CVE-2016-9851 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform... Moderate Unreviewed
CVE-2017-2145 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database