GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
48 advisories
Reliance on Cookies without validation in OctoberCMS
Moderate. CVE-2020-15128 was published for october/rain (Composer), Aug 5, 2020

Lack of protection against cookie tossing attacks in fastify-csrf
Moderate. CVE-2021-29624 was published for fastify-csrf (npm), May 17, 2021

Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
Moderate. CVE-2021-3818 was published for getgrav/grav (Composer), Sep 29, 2021

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Moderate. CVE-2021-41263 was published for rails_multisite (RubyGems), Nov 15, 2021

Cookie Prefix Spoofing in CGI::Cookie.parse
High. CVE-2021-41819 was published for cgi (RubyGems), Jan 21, 2022

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability....
High. Unreviewed. CVE-2021-36338 was published Jan 22, 2022

WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege...
High. Unreviewed. CVE-2021-46388 was published Feb 17, 2022

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write...
High. Unreviewed. CVE-2022-28113 was published Apr 16, 2022

An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and...
High. Unreviewed. CVE-2018-19224 was published May 13, 2022

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote...
Moderate. Unreviewed. CVE-2011-3887 was published May 13, 2022

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an...
High. Unreviewed. CVE-2017-6896 was published May 13, 2022

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to...
Critical. Unreviewed. CVE-2017-7279 was published May 13, 2022

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,...
Moderate. Unreviewed. CVE-2017-8034 was published May 13, 2022

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1...
Critical. Unreviewed. CVE-2018-20512 was published May 13, 2022

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access...
Critical. Unreviewed. CVE-2018-5190 was published May 13, 2022

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain...
High. Unreviewed. CVE-2008-5784 was published May 17, 2022

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0...
Critical. Unreviewed. CVE-2022-22785 was published May 19, 2022

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
Moderate. Unreviewed. CVE-2019-4305 was published May 24, 2022

Centreon Does Not Set HTTPOnly Flag
High. CVE-2019-17104 was published for centreon/centreon (Composer), May 24, 2022

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is...
Moderate. Unreviewed. CVE-2020-7070 was published May 24, 2022

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re...
Moderate. Unreviewed. CVE-2020-26955 was published May 24, 2022

DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The...
Critical. Unreviewed. CVE-2021-29012 was published May 24, 2022

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware...
High. Unreviewed. CVE-2021-33842 was published May 24, 2022

Linear eMerge 50P/5000P devices allow Authentication Bypass.
Critical. Unreviewed. CVE-2019-7266 was published May 24, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for...
Moderate. Unreviewed. CVE-2019-4330 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API