Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,826
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware... High Unreviewed
CVE-2021-33842 was published May 24, 2022
Cookie Prefix Spoofing in CGI::Cookie.parse High
CVE-2021-41819 was published for cgi (RubyGems) Jan 21, 2022
kir-b Credited to kir-b
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
** UNSUPPPORTED WHEN ASSIGNED ** Session management within the web application is... Critical Unreviewed
CVE-2023-41084 was published Sep 18, 2023
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0 Credited to Th0h0
Reliance on Cookies without Validation and Integrity Checking in a Security Decision... Critical Unreviewed
CVE-2023-3050 was published Jun 13, 2023
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Critical Unreviewed
CVE-2023-35885 was published Jun 20, 2023
The website configured in the URL widget will receive a session cookie when testing or executing... High Unreviewed
CVE-2023-32725 was published Dec 22, 2023
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to... High Unreviewed
CVE-2024-21872 was published Apr 19, 2024
The application suffers from a privilege escalation vulnerability. An attacker logged in as... High Unreviewed
CVE-2024-22186 was published Apr 19, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed
CVE-2024-0947 was published Jun 27, 2024
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote... High Unreviewed
CVE-2024-9970 was published Oct 15, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass... Moderate Unreviewed
CVE-2024-9820 was published Oct 15, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,... Critical Unreviewed
CVE-2024-28288 was published Mar 30, 2024
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an... Moderate Unreviewed
CVE-2024-1551 was published Feb 20, 2024
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions... High Unreviewed
CVE-2023-32612 was published Jun 30, 2023
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on... Moderate Unreviewed
CVE-2021-20450 was published May 3, 2024
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-2395 was published Mar 17, 2025
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on... Moderate Unreviewed
CVE-2024-39734 was published Jul 14, 2024
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a... High Unreviewed
CVE-2024-55211 was published Apr 17, 2025
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an... High Unreviewed
CVE-2017-6896 was published May 13, 2022
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to... Critical Unreviewed
CVE-2017-7279 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database