GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Hybridsessions does not expire session id on logout
Moderate
CVE-2022-24444
was published
for
silverstripe/hybridsessions
(Composer)
Jun 29, 2022
Jenkins Google Login Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000173
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
May 14, 2022
Insufficient Session Expiration in snipe/snipe-it
Moderate
CVE-2022-2997
was published
for
snipe/snipe-it
(Composer)
Aug 26, 2022
Improper user session handling in filegator
Moderate
CVE-2022-1849
was published
for
filegator/filegator
(Composer)
May 25, 2022
Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate
CVE-2022-4231
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Concrete CMS vulnerable to Session Fixation
Moderate
CVE-2022-43687
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Session Fixation in Subrion CMS
Moderate
CVE-2020-12467
was published
for
intelliants/subrion
(Composer)
Jun 22, 2021
Session fixation in express-openid-connect
Moderate
CVE-2021-41246
was published
for
express-openid-connect
(npm)
Dec 9, 2021
Shopware guest session is shared between customers
Moderate
CVE-2022-24745
was published
for
shopware/platform
(Composer)
Mar 10, 2022
alextselegidis/easyappointments Session Fixation vulnerability
Moderate
CVE-2023-2105
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
Froxlor Session Fixation vulnerability
Moderate
CVE-2023-3192
was published
for
froxlor/froxlor
(Composer)
Jun 11, 2023
Session fixation vulnerability in Rails
Moderate
CVE-2007-5380
was published
for
rails
(RubyGems)
Oct 24, 2017
Symfony possible session fixation vulnerability
Moderate
CVE-2023-46733
was published
for
symfony/security-http
(Composer)
Nov 12, 2023
Jenkins SAML Plugin Session Fixation vulnerability
Moderate
CVE-2018-1000602
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 14, 2022
Password Change Vulnerability
Moderate
CVE-2023-49804
was published
for
uptime-kuma
(npm)
Dec 12, 2023
Session Fixation in Jenkins
Moderate
CVE-2018-1000409
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
GitHub Authentication Plugin session fixation vulnerability
Moderate
CVE-2019-1003019
was published
for
org.jenkins-ci.plugins:github-oauth
(Maven)
May 13, 2022
Cookie persistence after password changes in symfony/security-bundle
Moderate
CVE-2021-41268
was published
for
symfony/security-bundle
(Composer)
Nov 24, 2021
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
TYPO3 is vulnerable to Session Fixation
Moderate
CVE-2010-3671
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Graylog session fixation vulnerability through cookie injection
Moderate
CVE-2024-24823
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
ProTip!
Advisories are also available from the
GraphQL API