GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
200 advisories
Filter by severity
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The...
Moderate
Unreviewed
CVE-2021-3740
was published
Nov 15, 2024
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to...
Critical
Unreviewed
CVE-2023-52268
was published
Nov 12, 2024
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7...
High
Unreviewed
CVE-2023-50176
was published
Nov 12, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,...
Moderate
Unreviewed
CVE-2024-10318
was published
Nov 6, 2024
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another...
High
Unreviewed
CVE-2024-48955
was published
Oct 29, 2024
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0....
Moderate
Unreviewed
CVE-2024-10158
was published
Oct 20, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a...
High
Unreviewed
CVE-2024-45368
was published
Sep 13, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2)....
Moderate
Unreviewed
CVE-2024-42345
was published
Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could...
Moderate
Unreviewed
CVE-2023-38018
was published
Aug 12, 2024
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user...
High
Unreviewed
CVE-2024-37829
was published
Jul 9, 2024
A session fixation vulnerability in Bludit allows an attacker to bypass the server's...
Unknown
Unreviewed
CVE-2024-24552
was published
Jun 24, 2024
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or...
Moderate
Unreviewed
CVE-2023-38002
was published
Apr 30, 2024
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has...
Moderate
Unreviewed
CVE-2024-2639
was published
Mar 19, 2024
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a...
High
Unreviewed
CVE-2024-22250
was published
Feb 20, 2024
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive...
Low
Unreviewed
CVE-2023-45718
was published
Feb 10, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable...
Moderate
Unreviewed
CVE-2024-22318
was published
Feb 9, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an...
Moderate
Unreviewed
CVE-2023-50941
was published
Feb 2, 2024
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum...
High
Unreviewed
CVE-2023-52353
was published
Jan 22, 2024
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID...
Moderate
Unreviewed
CVE-2023-50920
was published
Jan 12, 2024
A vulnerability classified as problematic has been found in SourceCodester Engineers Online...
Low
Unreviewed
CVE-2024-0351
was published
Jan 10, 2024
A session hijacking vulnerability has been detected in the Imou Life application affecting...
High
Unreviewed
CVE-2023-6913
was published
Dec 19, 2023
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to...
Critical
Unreviewed
CVE-2023-48929
was published
Dec 8, 2023
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken...
Moderate
Unreviewed
CVE-2023-5309
was published
Nov 7, 2023
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being...
Critical
Unreviewed
CVE-2023-0897
was published
Oct 26, 2023
ProTip!
Advisories are also available from the
GraphQL API