GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
353 advisories
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
High
CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a...
High • Unreviewed
CVE-2024-22250 was published Feb 20, 2024

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session...
Moderate • Unreviewed
CVE-2025-70973 was published Mar 9, 2026

OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate
CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026

Rancher's Azure AD permission changes are not reflected on active sessions
High
CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026

PluXml CMS allows a user's session identifier to be set before authentication. The value of this...
Moderate • Unreviewed
CVE-2026-24352 was published Feb 27, 2026

Quick.Cart allows a user's session identifier to be set before authentication. The value of this...
Moderate • Unreviewed
CVE-2026-23796 was published Feb 5, 2026

FrankenPHP leaks session data between requests in worker mode
High
CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted...
Moderate • Unreviewed
CVE-2026-2177 was published Feb 8, 2026

Duplicate Advisory: Session Fixation
Moderate
GHSA-c7vg-w8q8-c3wf was published for shopware/platform (Composer) Sep 8, 2021 • withdrawn

A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application...
Critical • Unreviewed
CVE-2025-69602 was published Jan 28, 2026

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session...
Moderate • Unreviewed
CVE-2025-7014 was published Jan 29, 2026

Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR...
Moderate • Unreviewed
CVE-2025-7015 was published Jan 29, 2026

com.enonic.xp:lib-auth vulnerable to Session Fixation
Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Oct 12, 2022

Duplicate Advisory: Session fixation in Enonic XP
Critical
GHSA-4hrp-m3f2-643j was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024 • withdrawn

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does...
Moderate • Unreviewed
CVE-2025-36115 was published Jan 20, 2026

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy...
High • Unreviewed
CVE-2026-22082 was published Jan 9, 2026

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows...
High • Unreviewed
CVE-2020-36913 was published Jan 6, 2026

A session fixation vulnerability in Bludit allows an attacker to bypass the server's...
Moderate • Unreviewed
CVE-2024-24552 was published Jun 24, 2024

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to...
High • Unreviewed
CVE-2023-53775 was published Dec 11, 2025

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to...
High • Unreviewed
CVE-2023-53776 was published Dec 11, 2025

Keycloak vulnerable to session takeovers due to reuse of session identifiers
Moderate
CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025

A session management issue was addressed with improved checks. This issue is fixed in macOS...
Low • Unreviewed
CVE-2025-43516 was published Dec 12, 2025

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to...
High • Unreviewed
CVE-2023-53741 was published Dec 10, 2025

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All...
High • Unreviewed
CVE-2022-40226 was published Oct 11, 2022