GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,167
Maven
5,000+
npm
3,830
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
906
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
218 advisories
Filter by severity
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access...
Moderate
Unreviewed
CVE-2025-26658
was published
Mar 11, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical
Unreviewed
CVE-2025-27661
was published
Mar 5, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
with Watson Assistant chat feature...
Moderate
Unreviewed
CVE-2024-49344
was published
Feb 20, 2025
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
Critical
Unreviewed
CVE-2022-40916
was published
Feb 6, 2025
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim...
Moderate
Unreviewed
CVE-2024-42207
was published
Feb 5, 2025
A UAA configured with multiple identity zones, does not properly validate session information...
Moderate
Unreviewed
CVE-2025-22216
was published
Jan 31, 2025
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially...
Critical
Unreviewed
CVE-2025-24503
was published
Jan 30, 2025
An improper session validation allows an unauthenticated attacker to cause certain request...
Moderate
Unreviewed
CVE-2025-24502
was published
Jan 30, 2025
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote...
High
Unreviewed
CVE-2024-56529
was published
Jan 29, 2025
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via...
Critical
Unreviewed
CVE-2024-57052
was published
Jan 28, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42170
was published
Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42171
was published
Jan 11, 2025
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation...
Critical
Unreviewed
CVE-2024-13279
was published
Jan 9, 2025
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the...
Moderate
Unreviewed
CVE-2024-28144
was published
Dec 12, 2024
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login...
Critical
Unreviewed
CVE-2024-11317
was published
Dec 5, 2024
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The...
Moderate
Unreviewed
CVE-2021-3740
was published
Nov 15, 2024
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to...
Critical
Unreviewed
CVE-2023-52268
was published
Nov 12, 2024
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7...
High
Unreviewed
CVE-2023-50176
was published
Nov 12, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,...
Moderate
Unreviewed
CVE-2024-10318
was published
Nov 6, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another...
High
Unreviewed
CVE-2024-48955
was published
Oct 29, 2024
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0....
Moderate
Unreviewed
CVE-2024-10158
was published
Oct 20, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a...
High
Unreviewed
CVE-2024-45368
was published
Sep 13, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-42345
was published
Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-38018
was published
Aug 12, 2024
ProTip!
Advisories are also available from the
GraphQL API