Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,658
Maven
5,000+
npm
4,288
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

333 advisories

Loading
A vulnerability in the web management interface of the AOS-CX OS user authentication service... Moderate Unreviewed
CVE-2025-37159 was published Nov 18, 2025
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
Credited to joselcvarela
Keycloak vulnerable to session takeovers due to reuse of session identifiers Moderate
CVE-2025-12390 was published for org.keycloak:keycloak-services (Maven) Oct 28, 2025
levpachmanov
Credited to levpachmanov
Apache Tomcat Session Fixation vulnerability Moderate
CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed
CVE-2024-28144 was published Dec 12, 2024
CKAN vulnerable to fixed session IDs Moderate
CVE-2025-64100 was published for ckan (pip) Oct 29, 2025
Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session... Low Unreviewed
CVE-2024-49709 was published Apr 14, 2025
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful... Low Unreviewed
CVE-2025-56746 was published Oct 15, 2025
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session... High Unreviewed
CVE-2025-10228 was published Oct 14, 2025
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows... High Unreviewed
CVE-2023-3711 was published Sep 12, 2023
Payload's SQLite adapter Session Fixation vulnerability Moderate
CVE-2025-4644 was published for @payloadcms/graphql (npm) Aug 29, 2025
A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2025-8517 was published Aug 4, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Credited to maen08 and hacdias
HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple... Low Unreviewed
CVE-2025-0251 was published Jul 25, 2025
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain... Low Unreviewed
CVE-2025-0253 was published Jul 25, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could... Moderate Unreviewed
CVE-2025-36117 was published Jul 23, 2025
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a... Critical Unreviewed
CVE-2025-52689 was published Jul 16, 2025
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter Moderate
CVE-2025-53021 was published for moodle/moodle (Composer) Jun 24, 2025
CodeIgniter Session Fixation Vulnerability Critical
CVE-2018-12071 was published for codeigniter/framework (Composer) May 14, 2022
zenml Session Fixation vulnerability Moderate
CVE-2024-2260 was published for zenml (pip) Apr 16, 2024
This vulnerability allows the successful attacker to gain unauthorized access to a configuration... Critical Unreviewed
CVE-2024-13967 was published Jun 4, 2025
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive... Low Unreviewed
CVE-2023-45718 was published Feb 10, 2024
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database