GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca...
Moderate
Unreviewed
CVE-2022-3251
was published
Sep 22, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls...
Moderate
Unreviewed
CVE-2022-21940
was published
Feb 9, 2023
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Moderate
Unreviewed
CVE-2022-24045
was published
May 21, 2022
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The...
Moderate
Unreviewed
CVE-2021-27764
was published
May 7, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum...
Moderate
Unreviewed
CVE-2023-3520
was published
Jul 6, 2023
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Moderate
CVE-2023-5866
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client...
Moderate
Unreviewed
CVE-2021-3882
was published
May 24, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3...
Moderate
Unreviewed
CVE-2023-42016
was published
Feb 9, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization...
Moderate
Unreviewed
CVE-2023-46179
was published
Mar 15, 2024
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session...
Moderate
Unreviewed
CVE-2023-33860
was published
Jul 10, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
Moderate
Unreviewed
CVE-2024-35211
was published
Jun 11, 2024
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for...
Moderate
Unreviewed
CVE-2024-41684
was published
Jul 26, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
GHSA-r3jq-4r5c-j9hp
was published
for
taipy
(pip)
Aug 27, 2024
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies....
Moderate
Unreviewed
CVE-2024-43180
was published
Sep 13, 2024
ProTip!
Advisories are also available from the
GraphQL API