GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
72 advisories
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when...
Moderate | Unreviewed | CVE-2021-20324 was published Apr 19, 2022
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed...
Moderate | Unreviewed | CVE-2008-3222 was published May 1, 2022
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed....
Moderate | Unreviewed | CVE-2019-3784 was published May 13, 2022
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not...
Moderate | Unreviewed | CVE-2018-1948 was published May 13, 2022
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not...
Moderate | Unreviewed | CVE-2018-1804 was published May 13, 2022
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session...
Moderate | Unreviewed | CVE-2018-1626 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute...
Moderate | Unreviewed | CVE-2018-1484 was published May 13, 2022
IBM Jazz Foundation products could allow a user with physical access to the system to log in as...
Moderate | Unreviewed | CVE-2018-1492 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable...
Moderate | Unreviewed | CVE-2018-1485 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly'...
Moderate | Unreviewed | CVE-2018-1480 was published May 13, 2022
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The...
Moderate | Unreviewed | CVE-2018-17902 was published May 13, 2022
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7...
Moderate | Unreviewed | CVE-2018-13282 was published May 13, 2022
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior,...
Moderate | Unreviewed | CVE-2018-10591 was published May 13, 2022
A vulnerability in the session identification management functionality of the web-based...
Moderate | Unreviewed | CVE-2018-0359 was published May 13, 2022
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On...
Moderate | Unreviewed | CVE-2018-0229 was published May 13, 2022
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure...
Moderate | Unreviewed | CVE-2017-1368 was published May 13, 2022
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow...
Moderate | Unreviewed | CVE-2017-12225 was published May 13, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate | Unreviewed | CVE-2017-0892 was published May 13, 2022
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake...
Moderate | Unreviewed | CVE-2016-9574 was published May 13, 2022
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting...
Moderate | Unreviewed | CVE-2017-10600 was published May 13, 2022
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user...
Moderate | Unreviewed | CVE-2018-18380 was published May 14, 2022
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to...
Moderate | Unreviewed | CVE-2018-13337 was published May 14, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused...
Moderate | Unreviewed | CVE-2018-11567 was published May 14, 2022
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the...
Moderate | Unreviewed | CVE-2018-1148 was published May 14, 2022
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware...
Moderate | Unreviewed | CVE-2017-10890 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.