Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,759
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42171 was published Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42170 was published Jan 11, 2025
Password Pusher Allows Session Token Interception Leading to Potential Hijacking Moderate
CVE-2024-56733 was published for pwpush (RubyGems) Dec 30, 2024
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful... Moderate Unreviewed
CVE-2023-34156 was published Jun 19, 2023
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed
CVE-2024-28144 was published Dec 12, 2024
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
OpenStack Horizon Session Fixation Moderate
CVE-2012-2144 was published for horizon (pip) May 17, 2022
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... Moderate Unreviewed
CVE-2023-24477 was published Aug 9, 2023
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed
CVE-2021-3740 was published Nov 15, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed
CVE-2024-10318 was published Nov 6, 2024
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a... Moderate Unreviewed
CVE-2023-21238 was published Jul 13, 2023
In visitUris of Notification.java, there is a possible way to leak image data across user... Moderate Unreviewed
CVE-2023-21239 was published Jul 13, 2023
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate
CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed
CVE-2024-10158 was published Oct 20, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Zend-Session session validation vulnerability Moderate
GHSA-96c6-m98x-hxjx was published for zendframework/zend-session (Composer) Jun 7, 2024
Zendframework session validation vulnerability Moderate
GHSA-62f6-h68r-3jpw was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Security Misconfiguration in User Session Handling Moderate
GHSA-xmgr-jff3-fcfv was published for typo3/cms-core (Composer) May 30, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-p62r-7637-3wwc was published for laravel/framework (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database