GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,818
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,355
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
363 advisories
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue...
High | Unreviewed | CVE-2026-30808 was published May 12, 2026
docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the...
Moderate | Unreviewed | CVE-2025-65415 was published May 11, 2026
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
High | CVE-2026-44553 was published for open-webui (pip) May 8, 2026
Apache Wicket has a Session Fixation issue
Critical | CVE-2026-40010 was published for org.apache.wicket:wicket-auth-roles (Maven) May 6, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Moderate | Unreviewed | CVE-2025-46605 was published Apr 17, 2026
OAuth2 Proxy's session cookies are not cleared when rendering sign-in page
Low | CVE-2026-34454 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Apr 14, 2026
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
High | CVE-2026-33946 was published for mcp (RubyGems) Mar 27, 2026
Bludit allows user's session identifier to be set before authentication. The value of this...
Moderate | Unreviewed | CVE-2026-25101 was published Mar 27, 2026
OpenBao lacks user confirmation for OIDC direct callback mode
Critical | CVE-2026-33757 was published for github.com/openbao/openbao (Go) Mar 26, 2026
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's...
Moderate | Unreviewed | CVE-2025-55266 was published Mar 26, 2026
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
High | CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session...
Moderate | Unreviewed | CVE-2025-70973 was published Mar 9, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate | CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Rancher's Azure AD permission changes are not reflected on active sessions
High | CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026
PluXml CMS allows a user's session identifier to be set before authentication. The value of this...
Moderate | Unreviewed | CVE-2026-24352 was published Feb 27, 2026
FrankenPHP leaks session data between requests in worker mode
High | CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted...
Moderate | Unreviewed | CVE-2026-2177 was published Feb 8, 2026
Quick.Cart allows a user's session identifier to be set before authentication. The value of this...
Moderate | Unreviewed | CVE-2026-23796 was published Feb 5, 2026
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session...
Moderate | Unreviewed | CVE-2025-7014 was published Jan 29, 2026
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR...
Moderate | Unreviewed | CVE-2025-7015 was published Jan 29, 2026
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application...
Critical | Unreviewed | CVE-2025-69602 was published Jan 28, 2026
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does...
Moderate | Unreviewed | CVE-2025-36115 was published Jan 20, 2026
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy...
High | Unreviewed | CVE-2026-22082 was published Jan 9, 2026
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows...
High | Unreviewed | CVE-2020-36913 was published Jan 6, 2026
A session management issue was addressed with improved checks. This issue is fixed in macOS...
Low | Unreviewed | CVE-2025-43516 was published Dec 12, 2025