GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,672
Composer 4,466
Erlang 33
GitHub Actions 23
Go 2,167
Maven 5,398
npm 3,830
NuGet 696
pip 3,508
Pub 12
RubyGems 910
Rust 906
Swift 38

Unreviewed advisories

All unreviewed 247,876

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

218 advisories

Filter by severity

Sort by

Least recently updated

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access... Moderate Unreviewed

CVE-2025-26658 was published Mar 11, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27661 was published Mar 5, 2025

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature... Moderate Unreviewed

CVE-2024-49344 was published Feb 20, 2025

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Critical Unreviewed

CVE-2022-40916 was published Feb 6, 2025

HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim... Moderate Unreviewed

CVE-2024-42207 was published Feb 5, 2025

A UAA configured with multiple identity zones, does not properly validate session information... Moderate Unreviewed

CVE-2025-22216 was published Jan 31, 2025

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially... Critical Unreviewed

CVE-2025-24503 was published Jan 30, 2025

An improper session validation allows an unauthenticated attacker to cause certain request... Moderate Unreviewed

CVE-2025-24502 was published Jan 30, 2025

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote... High Unreviewed

CVE-2024-56529 was published Jan 29, 2025

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via... Critical Unreviewed

CVE-2024-57052 was published Jan 28, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42170 was published Jan 11, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42171 was published Jan 11, 2025

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation... Critical Unreviewed

CVE-2024-13279 was published Jan 9, 2025

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed

CVE-2024-28144 was published Dec 12, 2024

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed

CVE-2024-11317 was published Dec 5, 2024

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed

CVE-2021-3740 was published Nov 15, 2024

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to... Critical Unreviewed

CVE-2023-52268 was published Nov 12, 2024

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed

CVE-2023-50176 was published Nov 12, 2024

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed

CVE-2024-10318 was published Nov 6, 2024

In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed

CVE-2024-48955 was published Oct 29, 2024

A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed

CVE-2024-10158 was published Oct 20, 2024

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed

CVE-2024-8643 was published Sep 27, 2024

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a... High Unreviewed

CVE-2024-45368 was published Sep 13, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed

CVE-2024-42345 was published Sep 10, 2024

IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed

CVE-2023-38018 was published Aug 12, 2024

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

218 advisories