Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

41 advisories

The device allows an unauthenticated attacker to bypass authentication and modify the cookie to... High Unreviewed
CVE-2024-21872 was published Apr 19, 2024
The application suffers from a privilege escalation vulnerability. An attacker logged in as... High Unreviewed
CVE-2024-22186 was published Apr 19, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
The website configured in the URL widget will receive a session cookie when testing or executing... High Unreviewed
CVE-2023-32725 was published Dec 22, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Session management within the web application is... Critical Unreviewed
CVE-2023-41084 was published Sep 18, 2023
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Critical Unreviewed
CVE-2023-35885 was published Jun 20, 2023
Reliance on Cookies without Validation and Integrity Checking in a Security Decision... Critical Unreviewed
CVE-2023-3050 was published Jun 13, 2023
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without... Moderate Unreviewed
CVE-2022-3083 was published Feb 1, 2023
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. Critical Unreviewed
CVE-2022-38297 was published Sep 13, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a... Moderate Unreviewed
CVE-2022-2615 was published Aug 13, 2022
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a... High Unreviewed
CVE-2022-35284 was published Jul 26, 2022
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session... Moderate Unreviewed
CVE-2021-40642 was published Jun 30, 2022
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This... High Unreviewed
CVE-2016-15002 was published Jun 10, 2022
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain... Critical Unreviewed
CVE-2021-28171 was published May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for... Moderate Unreviewed
CVE-2019-4330 was published May 24, 2022
Linear eMerge 50P/5000P devices allow Authentication Bypass. Critical Unreviewed
CVE-2019-7266 was published May 24, 2022
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware... High Unreviewed
CVE-2021-33842 was published May 24, 2022
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The... Critical Unreviewed
CVE-2021-29012 was published May 24, 2022
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re... Moderate Unreviewed
CVE-2020-26955 was published May 24, 2022
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is... Moderate Unreviewed
CVE-2020-7070 was published May 24, 2022
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2019-4305 was published May 24, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0... Critical Unreviewed
CVE-2022-22785 was published May 19, 2022
ProTip! Advisories are also available from the GraphQL API