Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

353 advisories

Loading
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration High
CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session... Moderate Unreviewed
CVE-2025-70973 was published Mar 9, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session Moderate
CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
Rancher's Azure AD permission changes are not reflected on active sessions High
CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026
yvespp Credited to yvespp
PluXml CMS allows a user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-24352 was published Feb 27, 2026
FrankenPHP leaks session data between requests in worker mode High
CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
xavierleune Credited to xavierleune and dunglas dunglas dunglas
A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted... Moderate Unreviewed
CVE-2026-2177 was published Feb 8, 2026
Quick.Cart allows a user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-23796 was published Feb 5, 2026
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session... Moderate Unreviewed
CVE-2025-7014 was published Jan 29, 2026
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR... Moderate Unreviewed
CVE-2025-7015 was published Jan 29, 2026
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application... Critical Unreviewed
CVE-2025-69602 was published Jan 28, 2026
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does... Moderate Unreviewed
CVE-2025-36115 was published Jan 20, 2026
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy... High Unreviewed
CVE-2026-22082 was published Jan 9, 2026
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows... High Unreviewed
CVE-2020-36913 was published Jan 6, 2026
A session management issue was addressed with improved checks. This issue is fixed in macOS... Low Unreviewed
CVE-2025-43516 was published Dec 12, 2025
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to... High Unreviewed
CVE-2023-53775 was published Dec 11, 2025
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to... High Unreviewed
CVE-2023-53776 was published Dec 11, 2025
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to... High Unreviewed
CVE-2023-53741 was published Dec 10, 2025
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that... Moderate Unreviewed
CVE-2025-63529 was published Dec 1, 2025
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control Low
CVE-2025-65681 was published for tutor (pip) Nov 26, 2025
A vulnerability in the web management interface of the AOS-CX OS user authentication service... Moderate Unreviewed
CVE-2025-37159 was published Nov 18, 2025
CKAN vulnerable to fixed session IDs Moderate
CVE-2025-64100 was published for ckan (pip) Oct 29, 2025
Keycloak vulnerable to session takeovers due to reuse of session identifiers Moderate
CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025
levpachmanov Credited to levpachmanov
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful... Low Unreviewed
CVE-2025-56746 was published Oct 15, 2025
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session... High Unreviewed
CVE-2025-10228 was published Oct 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database