GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session...
Moderate
Unreviewed
CVE-2021-40642
was published
Jun 30, 2022
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Moderate
CVE-2022-36032
was published
for
react/http
(Composer)
Sep 16, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2019-4305
was published
May 24, 2022
Lack of protection against cookie tossing attacks in fastify-csrf
Moderate
CVE-2021-29624
was published
for
fastify-csrf
(npm)
May 17, 2021
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for...
Moderate
Unreviewed
CVE-2019-4330
was published
May 24, 2022
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is...
Moderate
Unreviewed
CVE-2020-7070
was published
May 24, 2022
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re...
Moderate
Unreviewed
CVE-2020-26955
was published
May 24, 2022
Reliance on Cookies without validation in OctoberCMS
Moderate
CVE-2020-15128
was published
for
october/rain
(Composer)
Aug 5, 2020
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
Moderate
CVE-2021-3818
was published
for
getgrav/grav
(Composer)
Sep 29, 2021
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote...
Moderate
Unreviewed
CVE-2011-3887
was published
May 13, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a...
Moderate
Unreviewed
CVE-2022-2615
was published
Aug 13, 2022
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,...
Moderate
Unreviewed
CVE-2017-8034
was published
May 13, 2022
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without...
Moderate
Unreviewed
CVE-2022-3083
was published
Feb 1, 2023
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Moderate
CVE-2021-41263
was published
for
rails_multisite
(RubyGems)
Nov 15, 2021
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on...
Moderate
Unreviewed
CVE-2024-39734
was published
Jul 14, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass...
Moderate
Unreviewed
CVE-2024-9820
was published
Oct 15, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Moderate
CVE-2024-21583
was published
for
github.com/gitpod-io/gitpod
(Go)
Jul 19, 2024
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an...
Moderate
Unreviewed
CVE-2024-1551
was published
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API