Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
nebula-mesh: Session and OIDC state cookies lack the Secure attribute Moderate
CVE-2026-48058 was published for github.com/juev/nebula-mesh (Go) Jun 10, 2026
ak2k Credited to ak2k
Apache Shiro sends sensitive cookies in HTTPS session without 'Secure' attribute Moderate
CVE-2026-43828 was published for org.apache.shiro:shiro-web (Maven) May 26, 2026
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags Moderate
CVE-2026-46550 was published for nocodb (npm) May 21, 2026
ik0z Credited to ik0z
@grackle-ai/server has a Missing Secure Flag on Session Cookie Low
GHSA-5j35-xr4g-vwf4 was published for @grackle-ai/server (npm) Mar 25, 2026
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure... Moderate Unreviewed
CVE-2026-32745 was published Mar 13, 2026
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches Critical
GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) Jan 30, 2025
slubwama Credited to slubwama and mseaton mseaton mseaton
ProTip! Advisories are also available from the GraphQL API