Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

377 advisories

Loading
addcontent Credited to addcontent
A flaw has been found in tittuvarghese CollegeManagementSystem... Low Unreviewed
CVE-2026-11335 was published Jun 5, 2026
Gradio contains a cookie injection vulnerability High
CVE-2026-48545 was published for gradio (pip) May 27, 2026
Apache Shiro has a session fixation vulnerability Moderate
CVE-2026-43827 was published for org.apache.shiro:shiro-core (Maven) May 26, 2026
Classic298 Credited to Classic298
Apache Wicket has a Session Fixation issue Critical
CVE-2026-40010 was published for org.apache.wicket:wicket-auth-roles (Maven) May 6, 2026
OAuth2 Proxy's session cookies are not cleared when rendering sign-in page Low
CVE-2026-34454 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Apr 14, 2026
bella-WI Credited to bella-WI and cschrewing-WI cschrewing-WI cschrewing-WI
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay High
CVE-2026-33946 was published for mcp (RubyGems) Mar 27, 2026
srikanthramu Credited to srikanthramu
OpenBao lacks user confirmation for OIDC direct callback mode Critical
CVE-2026-33757 was published for github.com/openbao/openbao (Go) Mar 26, 2026
gianklug Credited to gianklug
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration High
CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026
offset Credited to offset
ProTip! Advisories are also available from the GraphQL API