GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,950
  Erlang: 39
  GitHub Actions: 38
  Go: 2,603
  Maven: 5,000+
  npm: 4,250
  NuGet: 755
  pip: 4,013
  Pub: 12
  RubyGems: 953
  Rust: 1,048
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

234 advisories

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful...
  Low | Unreviewed | CVE-2025-56746 was published Oct 15, 2025

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session...
  High | Unreviewed | CVE-2025-10228 was published Oct 14, 2025

A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by...
  Moderate | Unreviewed | CVE-2025-8517 was published Aug 4, 2025

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain...
  Low | Unreviewed | CVE-2025-0253 was published Jul 25, 2025

HCL IEM is affected by a concurrent login vulnerability. The application allows multiple...
  Low | Unreviewed | CVE-2025-0251 was published Jul 25, 2025

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could...
  Moderate | Unreviewed | CVE-2025-36117 was published Jul 23, 2025

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a...
  Critical | Unreviewed | CVE-2025-52689 was published Jul 16, 2025

This vulnerability allows the successful attacker to gain unauthorized access to a configuration...
  Critical | Unreviewed | CVE-2024-13967 was published Jun 4, 2025

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change...
  Critical | Unreviewed | CVE-2025-45953 was published Apr 28, 2025

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management...
  Critical | Unreviewed | CVE-2025-45949 was published Apr 28, 2025

This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh...
  High | Unreviewed | CVE-2025-42602 was published Apr 23, 2025

Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10...
  Critical | Unreviewed | CVE-2025-28238 was published Apr 18, 2025

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows...
  Critical | Unreviewed | CVE-2025-28242 was published Apr 18, 2025

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session...
  Low | Unreviewed | CVE-2024-49709 was published Apr 14, 2025

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables...
  High | Unreviewed | CVE-2025-0126 was published Apr 11, 2025

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access...
  Moderate | Unreviewed | CVE-2025-26658 was published Mar 11, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
  Critical | Unreviewed | CVE-2025-27661 was published Mar 5, 2025

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature...
  Moderate | Unreviewed | CVE-2024-49344 was published Feb 20, 2025

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
  Critical | Unreviewed | CVE-2022-40916 was published Feb 6, 2025

HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim...
  Moderate | Unreviewed | CVE-2024-42207 was published Feb 5, 2025

A UAA configured with multiple identity zones, does not properly validate session information...
  Moderate | Unreviewed | CVE-2025-22216 was published Jan 31, 2025

An improper session validation allows an unauthenticated attacker to cause certain request...
  Moderate | Unreviewed | CVE-2025-24502 was published Jan 30, 2025

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially...
  Critical | Unreviewed | CVE-2025-24503 was published Jan 30, 2025

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote...
  High | Unreviewed | CVE-2024-56529 was published Jan 29, 2025

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via...
  Critical | Unreviewed | CVE-2024-57052 was published Jan 28, 2025

ProTip! Advisories are also available from the GraphQL API.