GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote...
High
Unreviewed
CVE-2024-9970
was published
Oct 15, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass...
Moderate
Unreviewed
CVE-2024-9820
was published
Oct 15, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Moderate
CVE-2024-21583
was published
for
github.com/gitpod-io/gitpod
(Go)
Jul 19, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on...
Moderate
Unreviewed
CVE-2024-39734
was published
Jul 14, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical
Unreviewed
CVE-2024-0947
was published
Jun 27, 2024
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to...
High
Unreviewed
CVE-2024-21872
was published
Apr 19, 2024
The application suffers from a privilege escalation vulnerability. An
attacker logged in as...
High
Unreviewed
CVE-2024-22186
was published
Apr 19, 2024
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,...
Critical
Unreviewed
CVE-2024-28288
was published
Mar 30, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
CVE-2024-28233
was published
for
jupyterhub
(pip)
Mar 28, 2024
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an...
Moderate
Unreviewed
CVE-2024-1551
was published
Feb 20, 2024
The website configured in the URL widget will receive a session cookie when testing or executing...
High
Unreviewed
CVE-2023-32725
was published
Dec 22, 2023
** UNSUPPPORTED WHEN ASSIGNED **
Session management within the web application is...
Critical
Unreviewed
CVE-2023-41084
was published
Sep 18, 2023
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
Critical
Unreviewed
CVE-2023-35885
was published
Jun 20, 2023
Reliance on Cookies without Validation and Integrity Checking in a Security Decision...
Critical
Unreviewed
CVE-2023-3050
was published
Jun 13, 2023
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without...
Moderate
Unreviewed
CVE-2022-3083
was published
Feb 1, 2023
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Moderate
CVE-2022-36032
was published
for
react/http
(Composer)
Sep 16, 2022
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
Critical
Unreviewed
CVE-2022-38297
was published
Sep 13, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a...
Moderate
Unreviewed
CVE-2022-2615
was published
Aug 13, 2022
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a...
High
Unreviewed
CVE-2022-35284
was published
Jul 26, 2022
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session...
Moderate
Unreviewed
CVE-2021-40642
was published
Jun 30, 2022
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This...
High
Unreviewed
CVE-2016-15002
was published
Jun 10, 2022
Cross-domain cookie leakage in Guzzle
High
CVE-2022-29248
was published
for
guzzlehttp/guzzle
(Composer)
May 25, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical
Unreviewed
CVE-2021-28171
was published
May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for...
Moderate
Unreviewed
CVE-2019-4330
was published
May 24, 2022
Linear eMerge 50P/5000P devices allow Authentication Bypass.
Critical
Unreviewed
CVE-2019-7266
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API