Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

359 advisories

Loading
OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session Moderate
CVE-2026-30224 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session... Moderate Unreviewed
CVE-2025-70973 was published Mar 9, 2026
AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration High
CVE-2026-33492 was published for wwbn/avideo (Composer) Mar 20, 2026
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's... Moderate Unreviewed
CVE-2025-55266 was published Mar 26, 2026
OpenBao lacks user confirmation for OIDC direct callback mode Critical
CVE-2026-33757 was published for github.com/openbao/openbao (Go) Mar 26, 2026
gianklug Credited to gianklug
Bludit allows user's session identifier to be set before authentication. The value of this... Moderate Unreviewed
CVE-2026-25101 was published Mar 27, 2026
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay High
CVE-2026-33946 was published for mcp (RubyGems) Mar 27, 2026
srikanthramu Credited to srikanthramu
OAuth2 Proxy's session cookies are not cleared when rendering sign-in page Low
CVE-2026-34454 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Apr 14, 2026
bella-WI Credited to bella-WI and fnoehWM fnoehWM fnoehWM
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-46605 was published Apr 17, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database