GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,230
Composer 4,347
Erlang 31
GitHub Actions 22
Go 2,117
Maven 5,289
npm 3,768
NuGet 680
pip 3,457
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,668

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

213 advisories

Filter by severity

Sort by

Least recently updated

HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim... Moderate Unreviewed

CVE-2024-42207 was published Feb 5, 2025

An improper session validation allows an unauthenticated attacker to cause certain request... Moderate Unreviewed

CVE-2025-24502 was published Jan 30, 2025

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially... Critical Unreviewed

CVE-2025-24503 was published Jan 30, 2025

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in... Moderate Unreviewed

CVE-2024-0157 was published Apr 12, 2024

A UAA configured with multiple identity zones, does not properly validate session information... Moderate Unreviewed

CVE-2025-22216 was published Jan 31, 2025

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote... High Unreviewed

CVE-2024-56529 was published Jan 29, 2025

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via... Critical Unreviewed

CVE-2024-57052 was published Jan 28, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42170 was published Jan 11, 2025

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed

CVE-2024-42171 was published Jan 11, 2025

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation... Critical Unreviewed

CVE-2024-13279 was published Jan 9, 2025

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful... Moderate Unreviewed

CVE-2023-34156 was published Jun 19, 2023

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed

CVE-2024-28144 was published Dec 12, 2024

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed

CVE-2024-11317 was published Dec 5, 2024

An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video... High Unreviewed

CVE-2023-34656 was published Jun 29, 2023

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to... Critical Unreviewed

CVE-2023-52268 was published Nov 12, 2024

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... Moderate Unreviewed

CVE-2023-24477 was published Aug 9, 2023

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed

CVE-2021-3740 was published Nov 15, 2024

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7... High Unreviewed

CVE-2023-50176 was published Nov 12, 2024

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed

CVE-2024-10318 was published Nov 6, 2024

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a... Moderate Unreviewed

CVE-2023-21238 was published Jul 13, 2023

In visitUris of Notification.java, there is a possible way to leak image data across user... Moderate Unreviewed

CVE-2023-21239 was published Jul 13, 2023

In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed

CVE-2024-48955 was published Oct 29, 2024

A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed

CVE-2024-10158 was published Oct 20, 2024

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed

CVE-2024-8643 was published Sep 27, 2024

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed

CVE-2024-22318 was published Feb 9, 2024

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

213 advisories