GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
59 advisories
Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows...
High | Unreviewed | CVE-2026-57948 was published | Jun 29, 2026

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of...
Moderate | Unreviewed | CVE-2026-11956 was published | Jun 11, 2026

nebula-mesh: Session and OIDC state cookies lack the Secure attribute
Moderate | CVE-2026-48058 was published for github.com/juev/nebula-mesh (Go) | Jun 10, 2026

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the...
Low | Unreviewed | CVE-2025-52608 was published | Jun 4, 2026

Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so...
Moderate | Unreviewed | CVE-2026-41017 was published | Jun 1, 2026

Apache Shiro sends sensitive cookies in HTTPS session without 'Secure' attribute
Moderate | CVE-2026-43828 was published for org.apache.shiro:shiro-web (Maven) | May 26, 2026

NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Moderate | CVE-2026-46550 was published for nocodb (npm) | May 21, 2026

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow...
Moderate | Unreviewed | CVE-2026-22617 was published | Apr 16, 2026

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on...
Moderate | Unreviewed | CVE-2026-4820 was published | Apr 1, 2026

@grackle-ai/server has a Missing Secure Flag on Session Cookie
Low | GHSA-5j35-xr4g-vwf4 was published for @grackle-ai/server (npm) | Mar 25, 2026

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure...
Moderate | Unreviewed | CVE-2026-32745 was published | Mar 13, 2026

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web...
Moderate | Unreviewed | CVE-2026-1697 was published | Feb 26, 2026

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL...
Moderate | Unreviewed | CVE-2024-58317 was published | Dec 18, 2025

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on...
Low | Unreviewed | CVE-2025-36249 was published | Oct 31, 2025

HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious...
Low | Unreviewed | CVE-2025-52614 was published | Oct 12, 2025

A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue...
Moderate | Unreviewed | CVE-2025-52632 was published | Oct 10, 2025

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on...
Moderate | Unreviewed | CVE-2025-36011 was published | Sep 9, 2025

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the...
Critical | Unreviewed | CVE-2025-8037 was published | Jul 22, 2025

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure...
High | Unreviewed | CVE-2025-53757 was published | Jul 16, 2025

The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker...
Moderate | Unreviewed | CVE-2025-27450 was published | Jul 3, 2025

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens...
Moderate | Unreviewed | CVE-2025-36026 was published | Jun 28, 2025

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is...
Moderate | Unreviewed | CVE-2024-10718 was published | Mar 20, 2025

General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Critical | GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) | Jan 30, 2025

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking...
Moderate | Unreviewed | CVE-2025-24390 was published | Jan 27, 2025

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does...
Moderate | Unreviewed | CVE-2024-28770 was published | Jan 27, 2025