GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate
CVE-2024-48929
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Liferay Portal's account lockout does not invalidate existing user sessions
Moderate
CVE-2023-47798
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Django allows user sessions hijacking via an empty string in the session key
Moderate
CVE-2015-3982
was published
for
Django
(pip)
May 17, 2022
aiohttp-session Session Fixation vulnerability
Moderate
CVE-2018-1000519
was published
for
aiohttp-session
(pip)
Sep 13, 2018
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Zend-Session session validation vulnerability
Moderate
GHSA-96c6-m98x-hxjx
was published
for
zendframework/zend-session
(Composer)
Jun 7, 2024
Zendframework session validation vulnerability
Moderate
GHSA-62f6-h68r-3jpw
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-p62r-7637-3wwc
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Hijacked authentication cookies vulnerability
Moderate
GHSA-q4xf-7fw5-4x8v
was published
for
illuminate/auth
(Composer)
May 15, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
phpMyAdmin Bypass logout timeout
Moderate
CVE-2016-9851
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
zenml Session Fixation vulnerability
Moderate
CVE-2024-2260
was published
for
zenml
(pip)
Apr 16, 2024
Contao: Remember-me tokens will not be cleared after a password change
Moderate
CVE-2024-30262
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Graylog session fixation vulnerability through cookie injection
Moderate
CVE-2024-24823
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
TYPO3 is vulnerable to Session Fixation
Moderate
CVE-2010-3671
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Cookie persistence after password changes in symfony/security-bundle
Moderate
CVE-2021-41268
was published
for
symfony/security-bundle
(Composer)
Nov 24, 2021
OpenStack Horizon Session Fixation
Moderate
CVE-2012-2144
was published
for
horizon
(pip)
May 17, 2022
GitHub Authentication Plugin session fixation vulnerability
Moderate
CVE-2019-1003019
was published
for
org.jenkins-ci.plugins:github-oauth
(Maven)
May 13, 2022
Session Fixation in Jenkins
Moderate
CVE-2018-1000409
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Password Change Vulnerability
Moderate
CVE-2023-49804
was published
for
uptime-kuma
(npm)
Dec 12, 2023
Jenkins SAML Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000602
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 14, 2022
Symfony possible session fixation vulnerability
Moderate
CVE-2023-46733
was published
for
symfony/security-http
(Composer)
Nov 12, 2023
Session fixation vulnerability in Rails
Moderate
CVE-2007-5380
was published
for
rails
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API