GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
377 advisories
Filter by severity
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive...
Low
Unreviewed
CVE-2026-14609
was published
Jul 3, 2026
SurrealDB: HTTP /rpc `sessions` method leaks attached session UUIDs, enabling full session hijack by anonymous callers
High
GHSA-5qfp-32cf-69jh
was published
for
surrealdb
(Rust)
Jul 1, 2026
Gradio contains a cookie injection vulnerability
High
CVE-2026-48545
was published
for
gradio
(pip)
May 27, 2026
Session fixation vulnerability in Wikimedia Foundation OAuth.
This vulnerability is associated...
Low
Unreviewed
CVE-2026-13707
was published
Jul 1, 2026
Apache Tomcat Session Fixation vulnerability
Moderate
CVE-2025-55668
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Aug 13, 2025
Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query...
Moderate
Unreviewed
CVE-2026-56224
was published
Jul 1, 2026
Apache Shiro has a session fixation vulnerability
Moderate
CVE-2026-43827
was published
for
org.apache.shiro:shiro-core
(Maven)
May 26, 2026
KTM System e-BOK allows the session identifier to be set by the client prior to authentication....
Moderate
Unreviewed
CVE-2026-35095
was published
Jun 30, 2026
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in...
Critical
Unreviewed
CVE-2026-56425
was published
Jun 22, 2026
EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated...
High
Unreviewed
CVE-2026-12581
was published
Jun 22, 2026
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session...
Critical
Unreviewed
CVE-2009-10007
was published
Jun 9, 2026
A WebFlux application with a compromised subdomain (for example, compromised via cross-site...
Moderate
Unreviewed
CVE-2026-41839
was published
Jun 9, 2026
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
Low
CVE-2025-65681
was published
for
tutor
(pip)
Nov 26, 2025
A flaw has been found in tittuvarghese CollegeManagementSystem...
Low
Unreviewed
CVE-2026-11335
was published
Jun 5, 2026
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session...
Moderate
Unreviewed
CVE-2025-7014
was published
Jan 29, 2026
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR...
Moderate
Unreviewed
CVE-2025-7015
was published
Jan 29, 2026
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session...
High
Unreviewed
CVE-2025-10228
was published
Oct 14, 2025
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03...
Critical
Unreviewed
CVE-2025-67446
was published
Jun 4, 2026
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
QuickCMS allows a user's session identifier to be set before authentication. The value of this...
Moderate
Unreviewed
CVE-2026-33384
was published
May 29, 2026
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
High
CVE-2026-44553
was published
for
open-webui
(pip)
May 8, 2026
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue...
High
Unreviewed
CVE-2026-30808
was published
May 12, 2026
docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the...
Moderate
Unreviewed
CVE-2025-65415
was published
May 11, 2026
Apache Wicket has a Session Fixation issue
Critical
CVE-2026-40010
was published
for
org.apache.wicket:wicket-auth-roles
(Maven)
May 6, 2026
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
High
CVE-2026-33492
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
ProTip!
Advisories are also available from the
GraphQL API