Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
Cookie persistence after password changes in symfony/security-bundle Moderate
CVE-2021-41268 was published for symfony/security-bundle (Composer) Nov 24, 2021
thibaut-decherit wouterj
Session fixation in change password form Moderate
CVE-2019-12203 was published for silverstripe/framework (Composer) Nov 12, 2019
TYPO3 is vulnerable to Session Fixation Moderate
CVE-2010-3671 was published for typo3/cms-install (Composer) Apr 21, 2022
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused... Moderate Unreviewed
CVE-2018-11567 was published May 14, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0... Moderate Unreviewed
CVE-2022-38628 was published Dec 13, 2022
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
Contao: Remember-me tokens will not be cleared after a password change Moderate
CVE-2024-30262 was published for contao/core-bundle (Composer) Apr 9, 2024
bytehead
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
phpMyAdmin Bypass logout timeout Moderate
CVE-2016-9851 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or... Moderate Unreviewed
CVE-2023-38002 was published Apr 30, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) May 15, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-p62r-7637-3wwc was published for laravel/framework (Composer) May 15, 2024
TYPO3 Security Misconfiguration in User Session Handling Moderate
GHSA-xmgr-jff3-fcfv was published for typo3/cms-core (Composer) May 30, 2024
Zendframework session validation vulnerability Moderate
GHSA-62f6-h68r-3jpw was published for zendframework/zendframework (Composer) Jun 7, 2024
Zend-Session session validation vulnerability Moderate
GHSA-96c6-m98x-hxjx was published for zendframework/zend-session (Composer) Jun 7, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database