Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
nebula-mesh: Session and OIDC state cookies lack the Secure attribute Moderate
CVE-2026-48058 was published for github.com/juev/nebula-mesh (Go) Jun 10, 2026
ak2k Credited to ak2k
Apache Shiro sends sensitive cookies in HTTPS session without 'Secure' attribute Moderate
CVE-2026-43828 was published for org.apache.shiro:shiro-web (Maven) May 26, 2026
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags Moderate
CVE-2026-46550 was published for nocodb (npm) May 21, 2026
ik0z Credited to ik0z
@grackle-ai/server has a Missing Secure Flag on Session Cookie Low
GHSA-5j35-xr4g-vwf4 was published for @grackle-ai/server (npm) Mar 25, 2026
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches Critical
GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) Jan 30, 2025
slubwama Credited to slubwama and mseaton mseaton mseaton
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
mbiesiad Credited to mbiesiad
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq Moderate
CVE-2023-5866 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
rdiffweb has insecure HTTP cookies Moderate
CVE-2022-3250 was published for rdiffweb (pip) Sep 22, 2022
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute High
CVE-2022-3174 was published for rdiffweb (pip) Sep 14, 2022
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
Mattermost Server does not check if cookies are used over SSL High
CVE-2016-11076 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Sensitive Cookie Without HttpOnly and Secure Flag High
CVE-2017-1000046 was published for mautic/core (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API