Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

273 advisories

Loading
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed
CVE-2022-44788 was published Nov 22, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of... High Unreviewed
CVE-2022-44007 was published Nov 17, 2022
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed
CVE-2022-30769 was published Nov 16, 2022
Concrete CMS vulnerable to Session Fixation Moderate
CVE-2022-43687 was published for concrete5/concrete5 (Composer) Nov 15, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious... Critical Unreviewed
CVE-2022-31689 was published Nov 10, 2022
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER... High Unreviewed
CVE-2022-43398 was published Nov 8, 2022
The application was vulnerable to a session fixation that could be used hijack accounts. Critical Unreviewed
CVE-2022-40293 was published Nov 1, 2022
com.enonic.xp:lib-auth vulnerable to Session Fixation Critical
GHSA-4m5p-5w5w-3jcf was published for com.enonic.xp:lib-auth (Maven) Oct 12, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2022-34334 was published Oct 11, 2022
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All... High Unreviewed
CVE-2022-40226 was published Oct 11, 2022
rdiffweb vulnerable to account access via session fixation Critical
CVE-2022-3269 was published for rdiffweb (pip) Sep 25, 2022
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200... Critical Unreviewed
CVE-2022-40630 was published Sep 25, 2022
Apache IoTDB Session Fixation vulnerability High
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
Apache Airflow Session Fixation vulnerability Critical
CVE-2022-38054 was published for apache-airflow (pip) Sep 3, 2022
Insufficient Session Expiration in snipe/snipe-it Moderate
CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6... High Unreviewed
CVE-2022-30605 was published Aug 23, 2022
Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2. High Unreviewed
CVE-2022-2820 was published Aug 16, 2022
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A... Moderate Unreviewed
CVE-2022-33927 was published Aug 11, 2022
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log... High Unreviewed
CVE-2022-34536 was published Jul 20, 2022
Session fixation vulnerability in access control management in Synology Photo Station before 6.8... High Unreviewed
CVE-2022-22681 was published Jul 7, 2022
Passport vulnerable to session regeneration when a users logs in or out Moderate
CVE-2022-25896 was published for passport (npm) Jul 2, 2022
jhutchings1
Hybridsessions does not expire session id on logout Moderate
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly... High Unreviewed
CVE-2020-25198 was published May 24, 2022
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or... High Unreviewed
CVE-2020-15909 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API