Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could... Low Unreviewed
CVE-2016-9703 was published May 17, 2022
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable... Low Unreviewed
CVE-2001-1534 was published Apr 30, 2022
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could... Low Unreviewed
CVE-2018-16463 was published May 13, 2022
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the... Low Unreviewed
CVE-2018-1962 was published May 13, 2022
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication... Low Unreviewed
CVE-2017-1270 was published May 14, 2022
A vulnerability classified as problematic has been found in SourceCodester Engineers Online... Low Unreviewed
CVE-2024-0351 was published Jan 10, 2024
Symfony Session Fixation Vulnerability Low
CVE-2015-8124 was published for symfony/security (Composer) May 14, 2022
Initially, a user opens a Private Browsing Window and generates a password for a site, then... Low Unreviewed
CVE-2020-6824 was published May 24, 2022
Enabling Authentication does not close all logged in socket connections immediately Low
GHSA-23q2-5gf8-gjpp was published for uptime-kuma (npm) Apr 19, 2024
Mattermost fails to invalidate all active sessions when converting a user to a bot Low
CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive... Low Unreviewed
CVE-2023-45718 was published Feb 10, 2024
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain... Low Unreviewed
CVE-2025-0253 was published Jul 25, 2025
HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple... Low Unreviewed
CVE-2025-0251 was published Jul 25, 2025
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful... Low Unreviewed
CVE-2025-56746 was published Oct 15, 2025
Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session... Low Unreviewed
CVE-2024-49709 was published Apr 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database