Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

207 advisories

Loading
An internal product security audit discovered a session handling vulnerability in the web... High Unreviewed
CVE-2019-6161 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core... High Unreviewed
CVE-2019-5406 was published May 24, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the TCP component. This is a... High Unreviewed
CVE-2019-12258 was published May 24, 2022
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2019-4439 was published May 24, 2022
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login... High Unreviewed
CVE-2019-10120 was published May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely... Moderate Unreviewed
CVE-2019-4152 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella... High Unreviewed
CVE-2019-1807 was published May 24, 2022
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. High Unreviewed
CVE-2018-15208 was published May 24, 2022
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an... High Unreviewed
CVE-2019-10008 was published May 24, 2022
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user... Moderate Unreviewed
CVE-2016-6040 was published May 17, 2022
Tivoli Storage Manager Operations Center could allow a local user to take over a previously... High Unreviewed
CVE-2016-6043 was published May 17, 2022
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,... Moderate Unreviewed
CVE-2017-5141 was published May 17, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed
CVE-2017-5831 was published May 17, 2022
Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack... High Unreviewed
CVE-2016-10205 was published May 17, 2022
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. High Unreviewed
CVE-2017-6412 was published May 17, 2022
Session fixation vulnerability in pcsd in pcs before 0.9.157. High Unreviewed
CVE-2016-0721 was published May 17, 2022
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with... Moderate Unreviewed
CVE-2017-1152 was published May 17, 2022
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9... High Unreviewed
CVE-2017-4014 was published May 17, 2022
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform... Moderate Unreviewed
CVE-2017-2145 was published May 17, 2022
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could... Low Unreviewed
CVE-2016-9703 was published May 17, 2022
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and... Critical Unreviewed
CVE-2015-1174 was published May 17, 2022
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an... High Unreviewed
CVE-2016-9981 was published May 17, 2022
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7... Moderate Unreviewed
CVE-2014-4789 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database