GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,380
Composer 4,669
Erlang 34
GitHub Actions 26
Go 2,261
Maven 5,518
npm 3,910
NuGet 704
pip 3,681
Pub 12
RubyGems 916
Rust 943
Swift 38

Unreviewed advisories

All unreviewed 253,421

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

315 advisories

Filter by severity

Sort by

Least recently updated

This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh... High Unreviewed

CVE-2025-42602 was published Apr 23, 2025

Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10... Critical Unreviewed

CVE-2025-28238 was published Apr 18, 2025

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows... Critical Unreviewed

CVE-2025-28242 was published Apr 18, 2025

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session... Low Unreviewed

CVE-2024-49709 was published Apr 14, 2025

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables... High Unreviewed

CVE-2025-0126 was published Apr 11, 2025

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access... Moderate Unreviewed

CVE-2025-26658 was published Mar 11, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27661 was published Mar 5, 2025

Mattermost fails to invalidate all active sessions when converting a user to a bot Low

CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature... Moderate Unreviewed

CVE-2024-49344 was published Feb 20, 2025

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Critical Unreviewed

CVE-2022-40916 was published Feb 6, 2025

HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim... Moderate Unreviewed

CVE-2024-42207 was published Feb 5, 2025

A UAA configured with multiple identity zones, does not properly validate session information... Moderate Unreviewed

CVE-2025-22216 was published Jan 31, 2025

An improper session validation allows an unauthenticated attacker to cause certain request... Moderate Unreviewed

CVE-2025-24502 was published Jan 30, 2025

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially... Critical Unreviewed

CVE-2025-24503 was published Jan 30, 2025

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote... High Unreviewed

CVE-2024-56529 was published Jan 29, 2025

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via... Critical Unreviewed

CVE-2024-57052 was published Jan 28, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42170 was published Jan 11, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42171 was published Jan 11, 2025

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation... Critical Unreviewed

CVE-2024-13279 was published Jan 9, 2025

Password Pusher Allows Session Token Interception Leading to Potential Hijacking Moderate

CVE-2024-56733 was published for pwpush (RubyGems) Dec 30, 2024

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed

CVE-2024-28144 was published Dec 12, 2024

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed

CVE-2024-11317 was published Dec 5, 2024

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed

CVE-2021-3740 was published Nov 15, 2024

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High

CVE-2024-52553 was published for org.jenkins-ci.plugins:oic-auth (Maven) Nov 13, 2024

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed

CVE-2023-50176 was published Nov 12, 2024

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

315 advisories