Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

80 advisories

Loading
HCL iAutomate is affected by a session fixation vulnerability.  An attacker could hijack a victim... Moderate Unreviewed
CVE-2024-42207 was published Feb 5, 2025
An improper session validation allows an unauthenticated attacker to cause certain request... Moderate Unreviewed
CVE-2025-24502 was published Jan 30, 2025
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in... Moderate Unreviewed
CVE-2024-0157 was published Apr 12, 2024
A UAA configured with multiple identity zones, does not properly validate session information... Moderate Unreviewed
CVE-2025-22216 was published Jan 31, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42170 was published Jan 11, 2025
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this... Moderate Unreviewed
CVE-2024-42171 was published Jan 11, 2025
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful... Moderate Unreviewed
CVE-2023-34156 was published Jun 19, 2023
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the... Moderate Unreviewed
CVE-2024-28144 was published Dec 12, 2024
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC... Moderate Unreviewed
CVE-2023-24477 was published Aug 9, 2023
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The... Moderate Unreviewed
CVE-2021-3740 was published Nov 15, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation,... Moderate Unreviewed
CVE-2024-10318 was published Nov 6, 2024
In visitUris of Notification.java, there is a possible way to leak image data across user... Moderate Unreviewed
CVE-2023-21239 was published Jul 13, 2023
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a... Moderate Unreviewed
CVE-2023-21238 was published Jul 13, 2023
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0.... Moderate Unreviewed
CVE-2024-10158 was published Oct 20, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable... Moderate Unreviewed
CVE-2024-22318 was published Feb 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).... Moderate Unreviewed
CVE-2024-42345 was published Sep 10, 2024
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could... Moderate Unreviewed
CVE-2023-38018 was published Aug 12, 2024
As of v1.5.0, the Argo web interface authentication system issued immutable tokens.... Moderate Unreviewed
CVE-2020-8826 was published May 24, 2022
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or... Moderate Unreviewed
CVE-2023-38002 was published Apr 30, 2024
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6,... Moderate Unreviewed
CVE-2023-1265 was published May 3, 2023
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0... Moderate Unreviewed
CVE-2022-38628 was published Dec 13, 2022
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):... Moderate Unreviewed
CVE-2019-5400 was published May 24, 2022
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session... Moderate Unreviewed
CVE-2019-10045 was published May 24, 2022
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused... Moderate Unreviewed
CVE-2018-11567 was published May 14, 2022
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has... Moderate Unreviewed
CVE-2024-2639 was published Mar 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database