GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Access and integrity issue within Eclipse Jetty
High
CVE-2018-12538
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 16, 2018
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Session fixation vulnerability in Jenkins OpenID Plugin
High
CVE-2023-24444
was published
for
org.jenkins-ci.plugins:openid
(Maven)
Jan 26, 2023
Hybridsessions does not expire session id on logout
Moderate
CVE-2022-24444
was published
for
silverstripe/hybridsessions
(Composer)
Jun 29, 2022
Jenkins Google Login Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000173
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
May 14, 2022
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
High
CVE-2019-17563
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Session Fixation in WildFly Elytron
High
CVE-2020-10714
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
Improper user session handling in filegator
Moderate
CVE-2022-1849
was published
for
filegator/filegator
(Composer)
May 25, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Session Fixation in Apache Zeppelin
High
CVE-2017-12619
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
Concrete CMS vulnerable to Session Fixation
Moderate
CVE-2022-43687
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Session Fixation in Subrion CMS
Moderate
CVE-2020-12467
was published
for
intelliants/subrion
(Composer)
Jun 22, 2021
Session fixation in express-openid-connect
Moderate
CVE-2021-41246
was published
for
express-openid-connect
(npm)
Dec 9, 2021
Shopware guest session is shared between customers
Moderate
CVE-2022-24745
was published
for
shopware/platform
(Composer)
Mar 10, 2022
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
High
CVE-2023-24424
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Critical
CVE-2023-24427
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
Jan 26, 2023
Moodle Session Fixation vulnerability
High
CVE-2021-36394
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Hazelcast connection caching
Critical
CVE-2022-36437
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Dec 27, 2022
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
High
CVE-2023-22479
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
ProTip!
Advisories are also available from the
GraphQL API