Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute Moderate
CVE-2026-25736 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name Moderate
CVE-2026-25735 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata Moderate
CVE-2026-25734 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function High
CVE-2026-25733 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability High
CVE-2026-25136 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the... Moderate Unreviewed
CVE-2026-0696 was published Jan 16, 2026
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy... High Unreviewed
CVE-2026-22081 was published Jan 9, 2026
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication... High Unreviewed
CVE-2025-27223 was published Oct 27, 2025
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the... Moderate Unreviewed
CVE-2025-12031 was published Oct 21, 2025
SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an... Low Unreviewed
CVE-2025-42909 was published Oct 14, 2025
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed... Moderate Unreviewed
CVE-2025-27453 was published Jul 3, 2025
The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing... Moderate Unreviewed
CVE-2025-49189 was published Jun 12, 2025
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. Critical Unreviewed
CVE-2025-26844 was published May 8, 2025
Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead... Moderate Unreviewed
CVE-2025-24318 was published Feb 28, 2025
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-43845 was published Sep 25, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
mbiesiad
Credited to mbiesiad
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could... Low Unreviewed
CVE-2022-33167 was published Jul 30, 2024
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for... Moderate Unreviewed
CVE-2024-41685 was published Jul 26, 2024
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag... Moderate Unreviewed
CVE-2024-6739 was published Jul 15, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie High
GHSA-f777-f784-36gm was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie High
GHSA-ppvg-hw62-6ph9 was published for typo3/cms-core (Composer) May 30, 2024
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session... Low Unreviewed
CVE-2023-4217 was published Nov 2, 2023
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6... Moderate Unreviewed
CVE-2023-4228 was published Aug 24, 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB... Moderate Unreviewed
CVE-2023-2876 was published Jun 13, 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration... Moderate Unreviewed
CVE-2022-21939 was published Feb 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database