Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,759
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners... High Unreviewed
CVE-2019-4227 was published May 24, 2022
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security... Moderate Unreviewed
CVE-2019-4304 was published May 24, 2022
An internal product security audit discovered a session handling vulnerability in the web... High Unreviewed
CVE-2019-6161 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core... High Unreviewed
CVE-2019-5406 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a... High Unreviewed
CVE-2019-12258 was published May 24, 2022
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
Magento 2 Community Edition Session Fixation Check High
CVE-2019-7849 was published for magento/community-edition (Composer) May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2019-4439 was published May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login... High Unreviewed
CVE-2019-10120 was published May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella... High Unreviewed
CVE-2019-1807 was published May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. High Unreviewed
CVE-2018-15208 was published May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an... High Unreviewed
CVE-2019-10008 was published May 24, 2022
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed
CVE-2016-6040 was published May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed
CVE-2016-6043 was published May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed
CVE-2017-5141 was published May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed
CVE-2017-5831 was published May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed
CVE-2016-10205 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed
CVE-2017-6412 was published May 17, 2022
Session fixation vulnerability in pcsd in pcs before 0.9.157. High Unreviewed
CVE-2016-0721 was published May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed
CVE-2017-1152 was published May 17, 2022
phpMyAdmin Bypass logout timeout Moderate
CVE-2016-9851 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database