GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
66 advisories
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass...
Moderate, Unreviewed. CVE-2020-4954 was published May 24, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password...
Moderate, Unreviewed. CVE-2020-5021 was published May 24, 2022

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which...
Moderate, Unreviewed. CVE-2020-4555 was published May 24, 2022

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or...
Moderate, Unreviewed. CVE-2019-4563 was published May 24, 2022

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social...
Moderate, Unreviewed. CVE-2019-0062 was published May 24, 2022

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security...
Moderate, Unreviewed. CVE-2019-4304 was published May 24, 2022

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s):...
Moderate, Unreviewed. CVE-2019-5400 was published May 24, 2022

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could...
Moderate, Unreviewed. CVE-2019-4439 was published May 24, 2022

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely...
Moderate, Unreviewed. CVE-2019-4152 was published May 24, 2022

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session...
Moderate, Unreviewed. CVE-2019-10045 was published May 24, 2022

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user...
Moderate, Unreviewed. CVE-2016-6040 was published May 17, 2022

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior,...
Moderate, Unreviewed. CVE-2017-5141 was published May 17, 2022

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1,...
Moderate, Unreviewed. CVE-2017-5831 was published May 17, 2022

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with...
Moderate, Unreviewed. CVE-2017-1152 was published May 17, 2022

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform...
Moderate, Unreviewed. CVE-2017-2145 was published May 17, 2022

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7...
Moderate, Unreviewed. CVE-2014-4789 was published May 17, 2022

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware...
Moderate, Unreviewed. CVE-2017-10890 was published May 17, 2022

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the...
Moderate, Unreviewed. CVE-2018-1148 was published May 14, 2022

** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused...
Moderate, Unreviewed. CVE-2018-11567 was published May 14, 2022

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to...
Moderate, Unreviewed. CVE-2018-13337 was published May 14, 2022

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user...
Moderate, Unreviewed. CVE-2018-18380 was published May 14, 2022

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting...
Moderate, Unreviewed. CVE-2017-10600 was published May 13, 2022

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake...
Moderate, Unreviewed. CVE-2016-9574 was published May 13, 2022

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate, Unreviewed. CVE-2017-0892 was published May 13, 2022

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow...
Moderate, Unreviewed. CVE-2017-12225 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API