GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
nebula-mesh: Session and OIDC state cookies lack the Secure attribute
Moderate
CVE-2026-48058
was published
for
github.com/juev/nebula-mesh
(Go)
Jun 10, 2026
Apache Shiro sends sensitive cookies in HTTPS session without 'Secure' attribute
Moderate
CVE-2026-43828
was published
for
org.apache.shiro:shiro-web
(Maven)
May 26, 2026
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Moderate
CVE-2026-46550
was published
for
nocodb
(npm)
May 21, 2026
@grackle-ai/server has a Missing Secure Flag on Session Cookie
Low
GHSA-5j35-xr4g-vwf4
was published
for
@grackle-ai/server
(npm)
Mar 25, 2026
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Critical
GHSA-vpxm-cr3r-pjp9
was published
for
org.openmrs.module:addresshierarchy
(Maven)
Jan 30, 2025
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
CVE-2024-47833
was published
for
taipy
(pip)
Aug 27, 2024
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Moderate
CVE-2023-5866
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
phpMyFAQ has insecure HTTP cookies
High
CVE-2022-4409
was published
for
thorsten/phpmyfaq
(Composer)
Dec 11, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
Mattermost Server does not check if cookies are used over SSL
High
CVE-2016-11076
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Sensitive Cookie Without HttpOnly and Secure Flag
High
CVE-2017-1000046
was published
for
mautic/core
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API