GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
144 advisories
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session...
Moderate
Unreviewed
CVE-2025-70973
was published
Mar 9, 2026
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate
CVE-2026-30224
was published
for
github.com/OliveTin/OliveTin
(Go)
Mar 5, 2026
PluXml CMS allows a user's session identifier to be set before authentication. The value of this...
Moderate
Unreviewed
CVE-2026-24352
was published
Feb 27, 2026
A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted...
Moderate
Unreviewed
CVE-2026-2177
was published
Feb 8, 2026
Quick.Cart allows a user's session identifier to be set before authentication. The value of this...
Moderate
Unreviewed
CVE-2026-23796
was published
Feb 5, 2026
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session...
Moderate
Unreviewed
CVE-2025-7014
was published
Jan 29, 2026
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR...
Moderate
Unreviewed
CVE-2025-7015
was published
Jan 29, 2026
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does...
Moderate
Unreviewed
CVE-2025-36115
was published
Jan 20, 2026
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that...
Moderate
Unreviewed
CVE-2025-63529
was published
Dec 1, 2025
A vulnerability in the web management interface of the AOS-CX OS user authentication service...
Moderate
Unreviewed
CVE-2025-37159
was published
Nov 18, 2025
CKAN vulnerable to fixed session IDs
Moderate
CVE-2025-64100
was published
for
ckan
(pip)
Oct 29, 2025
Keycloak vulnerable to session takeovers due to reuse of session identifiers
Moderate
CVE-2025-12390
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 28, 2025
Payload's SQLite adapter Session Fixation vulnerability
Moderate
CVE-2025-4644
was published
for
@payloadcms/graphql
(npm)
Aug 29, 2025
Apache Tomcat Session Fixation vulnerability
Moderate
CVE-2025-55668
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Aug 13, 2025
A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2025-8517
was published
Aug 4, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could...
Moderate
Unreviewed
CVE-2025-36117
was published
Jul 23, 2025
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter
Moderate
CVE-2025-53021
was published
for
moodle/moodle
(Composer)
Jun 24, 2025
The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access...
Moderate
Unreviewed
CVE-2025-26658
was published
Mar 11, 2025
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature...
Moderate
Unreviewed
CVE-2024-49344
was published
Feb 20, 2025
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim...
Moderate
Unreviewed
CVE-2024-42207
was published
Feb 5, 2025
A UAA configured with multiple identity zones, does not properly validate session information...
Moderate
Unreviewed
CVE-2025-22216
was published
Jan 31, 2025
An improper session validation allows an unauthenticated attacker to cause certain request...
Moderate
Unreviewed
CVE-2025-24502
was published
Jan 30, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42170
was published
Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this...
Moderate
Unreviewed
CVE-2024-42171
was published
Jan 11, 2025
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Moderate
CVE-2024-56733
was published
for
pwpush
(RubyGems)
Dec 30, 2024
ProTip! Advisories are also available from the GraphQL API.