Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

357 advisories

Loading
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay High
CVE-2026-33946 was published for mcp (RubyGems) Mar 27, 2026
srikanthramu Credited to srikanthramu
Bludit allows user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-25101 was published Mar 27, 2026
OpenBao lacks user confirmation for OIDC direct callback mode Critical
CVE-2026-33757 was published for github.com/openbao/openbao (Go) Mar 26, 2026
gianklug Credited to gianklug
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's... Moderate Unreviewed
CVE-2025-55266 was published Mar 26, 2026
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration High
CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session... Moderate Unreviewed
CVE-2025-70973 was published Mar 9, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session Moderate
CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
Rancher's Azure AD permission changes are not reflected on active sessions High
CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026
yvespp Credited to yvespp
PluXml CMS allows a user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-24352 was published Feb 27, 2026
FrankenPHP leaks session data between requests in worker mode High
CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
xavierleune Credited to xavierleune and dunglas dunglas dunglas
A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted... Moderate Unreviewed
CVE-2026-2177 was published Feb 8, 2026
Quick.Cart allows a user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-23796 was published Feb 5, 2026
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session... Moderate Unreviewed
CVE-2025-7014 was published Jan 29, 2026
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR... Moderate Unreviewed
CVE-2025-7015 was published Jan 29, 2026
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application... Critical Unreviewed
CVE-2025-69602 was published Jan 28, 2026
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does... Moderate Unreviewed
CVE-2025-36115 was published Jan 20, 2026
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy... High Unreviewed
CVE-2026-22082 was published Jan 9, 2026
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows... High Unreviewed
CVE-2020-36913 was published Jan 6, 2026
A session management issue was addressed with improved checks. This issue is fixed in macOS... Low Unreviewed
CVE-2025-43516 was published Dec 12, 2025
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to... High Unreviewed
CVE-2023-53775 was published Dec 11, 2025
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to... High Unreviewed
CVE-2023-53776 was published Dec 11, 2025
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to... High Unreviewed
CVE-2023-53741 was published Dec 10, 2025
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that... Moderate Unreviewed
CVE-2025-63529 was published Dec 1, 2025
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control Low
CVE-2025-65681 was published for tutor (pip) Nov 26, 2025
A vulnerability in the web management interface of the AOS-CX OS user authentication service... Moderate Unreviewed
CVE-2025-37159 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database