Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Reliance on Cookies without validation in OctoberCMS Moderate
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Cookie Prefix Spoofing in CGI::Cookie.parse High
CVE-2021-41819 was published for cgi (RubyGems) Jan 21, 2022
kir-b
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API