Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31 advisories

Loading
Access and integrity issue within Eclipse Jetty High
CVE-2018-12538 was published for org.eclipse.jetty:jetty-server (Maven) Oct 16, 2018
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Session Fixation in WildFly Elytron High
CVE-2020-10714 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin High
CVE-2023-24424 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 26, 2023
Moodle Session Fixation vulnerability High
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
KubePi session fixation attack allows an attacker to hijack a legitimate user session. High
CVE-2023-22479 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
Jenkins OpenShift Login Plugin session fixation vulnerability High
CVE-2023-37946 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
Jenkins WSO2 Oauth Plugin Session Fixation vulnerability High
CVE-2023-33005 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 16, 2023
Uptime Kuma has Persistentent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation High
CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Session Fixation in Apache CXF High
CVE-2017-5656 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Jenkins CAS Plugin Session Fixation vulnerability High
CVE-2023-32997 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 16, 2023
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
Magento 2 Community Edition Session Fixation Check High
CVE-2019-7849 was published for magento/community-edition (Composer) May 24, 2022
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Apache Airflow Session Fixation vulnerability High
CVE-2023-40273 was published for apache-airflow (pip) Aug 23, 2023
ProTip! Advisories are also available from the GraphQL API