GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
CVE-2026-39324 was published for rack-session (RubyGems) Apr 8, 2026 (Critical)
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. ...
CVE-2014-125112 was published Mar 26, 2026 (Critical, Unreviewed)
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The...
CVE-2025-65212 was published Jan 6, 2026 (Critical, Unreviewed)
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions...
CVE-2025-14440 was published Dec 13, 2025 (Critical, Unreviewed)
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing...
CVE-2025-2395 was published Mar 17, 2025 (Critical, Unreviewed)
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
CVE-2024-0947 was published Jun 27, 2024 (Critical, Unreviewed)
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,...
CVE-2024-28288 was published Mar 30, 2024 (Critical, Unreviewed)
** UNSUPPORTED WHEN ASSIGNED ** Session management within the web application is...
CVE-2023-41084 was published Sep 18, 2023 (Critical, Unreviewed)
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVE-2023-35885 was published Jun 20, 2023 (Critical, Unreviewed)
Reliance on Cookies without Validation and Integrity Checking in a Security Decision...
CVE-2023-3050 was published Jun 13, 2023 (Critical, Unreviewed)
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
CVE-2022-38297 was published Sep 13, 2022 (Critical, Unreviewed)
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
CVE-2021-28171 was published May 24, 2022 (Critical, Unreviewed)
Linear eMerge 50P/5000P devices allow Authentication Bypass.
CVE-2019-7266 was published May 24, 2022 (Critical, Unreviewed)
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The...
CVE-2021-29012 was published May 24, 2022 (Critical, Unreviewed)
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0...
CVE-2022-22785 was published May 19, 2022 (Critical, Unreviewed)
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access...
CVE-2018-5190 was published May 13, 2022 (Critical, Unreviewed)
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1...
CVE-2018-20512 was published May 13, 2022 (Critical, Unreviewed)
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to...
CVE-2017-7279 was published May 13, 2022 (Critical, Unreviewed)
ProTip! Advisories are also available from the GraphQL API.