Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

353 advisories

Loading
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx Credited to cfx, livio-a, and fforootd livio-a livio-a
fforootd fforootd
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can... High Unreviewed
CVE-2021-44151 was published Dec 14, 2021
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie... Moderate Unreviewed
CVE-2022-30769 was published Nov 16, 2022
An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user... Moderate Unreviewed
CVE-2022-44788 was published Nov 22, 2022
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management... Critical Unreviewed
CVE-2025-45949 was published Apr 28, 2025
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change... Critical Unreviewed
CVE-2025-45953 was published Apr 28, 2025
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh... High Unreviewed
CVE-2025-42602 was published Apr 23, 2025
Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10... Critical Unreviewed
CVE-2025-28238 was published Apr 18, 2025
Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows... Critical Unreviewed
CVE-2025-28242 was published Apr 18, 2025
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web... Critical Unreviewed
CVE-2017-12965 was published May 14, 2022
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow... Moderate Unreviewed
CVE-2017-12225 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier... High Unreviewed
CVE-2017-4963 was published May 14, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an... Moderate Unreviewed
CVE-2017-0892 was published May 13, 2022
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session... Critical Unreviewed
CVE-2016-9125 was published May 13, 2022
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,... Moderate Unreviewed
CVE-2017-5831 was published May 17, 2022
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could... High Unreviewed
CVE-2020-15679 was published Dec 22, 2022
Moodle Session Fixation vulnerability Moderate
CVE-2010-1613 was published for moodle/moodle (Composer) May 13, 2022
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables... High Unreviewed
CVE-2025-0126 was published Apr 11, 2025
E-Mails exported as PDF were stored in a cache that did not consider specific session information... Moderate Unreviewed
CVE-2024-23193 was published May 6, 2024
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to... High Unreviewed
CVE-2007-4188 was published May 1, 2022
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another... High Unreviewed
CVE-2024-48955 was published Oct 29, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access... Moderate Unreviewed
CVE-2025-26658 was published Mar 11, 2025
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27661 was published Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database