GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
89 advisories
Filter by severity
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7...
High
Unreviewed
CVE-2023-50176
was published
Nov 12, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another...
High
Unreviewed
CVE-2024-48955
was published
Oct 29, 2024
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a...
High
Unreviewed
CVE-2024-45368
was published
Sep 13, 2024
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user...
High
Unreviewed
CVE-2024-37829
was published
Jul 9, 2024
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a...
High
Unreviewed
CVE-2024-22250
was published
Feb 20, 2024
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum...
High
Unreviewed
CVE-2023-52353
was published
Jan 22, 2024
A session hijacking vulnerability has been detected in the Imou Life application affecting...
High
Unreviewed
CVE-2023-6913
was published
Dec 19, 2023
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on...
High
Unreviewed
CVE-2023-45687
was published
Oct 16, 2023
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows...
High
Unreviewed
CVE-2023-3711
was published
Sep 12, 2023
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC...
High
Unreviewed
CVE-2023-24477
was published
Aug 9, 2023
Some access control products are vulnerable to a session hijacking attack because the product...
High
Unreviewed
CVE-2023-28809
was published
Jun 15, 2023
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to...
High
Unreviewed
CVE-2023-30056
was published
May 9, 2023
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
High
Unreviewed
CVE-2022-31888
was published
Apr 6, 2023
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297...
High
Unreviewed
CVE-2021-29368
was published
Jan 20, 2023
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session...
High
Unreviewed
CVE-2022-44017
was published
Dec 25, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could...
High
Unreviewed
CVE-2020-15679
was published
Dec 22, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of...
High
Unreviewed
CVE-2022-44007
was published
Nov 17, 2022
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER...
High
Unreviewed
CVE-2022-43398
was published
Nov 8, 2022
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All...
High
Unreviewed
CVE-2022-40226
was published
Oct 11, 2022
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6...
High
Unreviewed
CVE-2022-30605
was published
Aug 23, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2.
High
Unreviewed
CVE-2022-2820
was published
Aug 16, 2022
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log...
High
Unreviewed
CVE-2022-34536
was published
Jul 20, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8...
High
Unreviewed
CVE-2022-22681
was published
Jul 7, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly...
High
Unreviewed
CVE-2020-25198
was published
May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or...
High
Unreviewed
CVE-2020-15909
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API