GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
370 advisories
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session...
Critical, Unreviewed. CVE-2009-10007 was published Jun 9, 2026

A WebFlux application with a compromised subdomain (for example, compromised via cross-site...
Moderate, Unreviewed. CVE-2026-41839 was published Jun 9, 2026

A flaw has been found in tittuvarghese CollegeManagementSystem...
Low, Unreviewed. CVE-2026-11335 was published Jun 5, 2026

Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03...
Critical, Unreviewed. CVE-2025-67446 was published Jun 4, 2026

QuickCMS allows a user's session identifier to be set before authentication. The value of this...
Moderate, Unreviewed. CVE-2026-33384 was published May 29, 2026

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote...
High, Unreviewed. CVE-2026-48545 was published May 27, 2026

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects...
Moderate, Unreviewed. CVE-2026-43827 was published May 26, 2026

Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue...
High, Unreviewed. CVE-2026-30808 was published May 12, 2026

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the...
Moderate, Unreviewed. CVE-2025-65415 was published May 11, 2026

Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
High. CVE-2026-44553 was published for open-webui (pip) May 8, 2026

Apache Wicket has a Session Fixation issue
Critical. CVE-2026-40010 was published for org.apache.wicket:wicket-auth-roles (Maven) May 6, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Moderate, Unreviewed. CVE-2025-46605 was published Apr 17, 2026

OAuth2 Proxy's session cookies are not cleared when rendering sign-in page
Low. CVE-2026-34454 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Apr 14, 2026

MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
High. CVE-2026-33946 was published for mcp (RubyGems) Mar 27, 2026

Bludit allows user's session identifier to be set before authentication. The value of this...
Moderate, Unreviewed. CVE-2026-25101 was published Mar 27, 2026

OpenBao lacks user confirmation for OIDC direct callback mode
Critical. CVE-2026-33757 was published for github.com/openbao/openbao (Go) Mar 26, 2026

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's...
Moderate, Unreviewed. CVE-2025-55266 was published Mar 26, 2026

AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
High. CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session...
Moderate, Unreviewed. CVE-2025-70973 was published Mar 9, 2026

OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
Moderate. CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026

Rancher's Azure AD permission changes are not reflected on active sessions
High. CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026

PluXml CMS allows a user's session identifier to be set before authentication. The value of this...
Moderate, Unreviewed. CVE-2026-24352 was published Feb 27, 2026

FrankenPHP leaks session data between requests in worker mode
High. CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted...
Moderate, Unreviewed. CVE-2026-2177 was published Feb 8, 2026

Quick.Cart allows a user's session identifier to be set before authentication. The value of this...
Moderate, Unreviewed. CVE-2026-23796 was published Feb 5, 2026