Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass... Moderate Unreviewed
CVE-2024-9820 was published Oct 15, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on... Moderate Unreviewed
CVE-2024-39734 was published Jul 14, 2024
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an... Moderate Unreviewed
CVE-2024-1551 was published Feb 20, 2024
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without... Moderate Unreviewed
CVE-2022-3083 was published Feb 1, 2023
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a... Moderate Unreviewed
CVE-2022-2615 was published Aug 13, 2022
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session... Moderate Unreviewed
CVE-2021-40642 was published Jun 30, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for... Moderate Unreviewed
CVE-2019-4330 was published May 24, 2022
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re... Moderate Unreviewed
CVE-2020-26955 was published May 24, 2022
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is... Moderate Unreviewed
CVE-2020-7070 was published May 24, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2019-4305 was published May 24, 2022
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,... Moderate Unreviewed
CVE-2017-8034 was published May 13, 2022
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote... Moderate Unreviewed
CVE-2011-3887 was published May 13, 2022
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
Reliance on Cookies without validation in OctoberCMS Moderate
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database