GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
37 advisories
Filter by severity
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote...
High
Unreviewed
CVE-2024-9970
was published
Oct 15, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass...
Moderate
Unreviewed
CVE-2024-9820
was published
Oct 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on...
Moderate
Unreviewed
CVE-2024-39734
was published
Jul 14, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical
Unreviewed
CVE-2024-0947
was published
Jun 27, 2024
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to...
High
Unreviewed
CVE-2024-21872
was published
Apr 19, 2024
The application suffers from a privilege escalation vulnerability. An
attacker logged in as...
High
Unreviewed
CVE-2024-22186
was published
Apr 19, 2024
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,...
Critical
Unreviewed
CVE-2024-28288
was published
Mar 30, 2024
The website configured in the URL widget will receive a session cookie when testing or executing...
High
Unreviewed
CVE-2023-32725
was published
Dec 22, 2023
** UNSUPPPORTED WHEN ASSIGNED **
Session management within the web application is...
Critical
Unreviewed
CVE-2023-41084
was published
Sep 18, 2023
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
Critical
Unreviewed
CVE-2023-35885
was published
Jun 20, 2023
Reliance on Cookies without Validation and Integrity Checking in a Security Decision...
Critical
Unreviewed
CVE-2023-3050
was published
Jun 13, 2023
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without...
Moderate
Unreviewed
CVE-2022-3083
was published
Feb 1, 2023
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
Critical
Unreviewed
CVE-2022-38297
was published
Sep 13, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a...
Moderate
Unreviewed
CVE-2022-2615
was published
Aug 13, 2022
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a...
High
Unreviewed
CVE-2022-35284
was published
Jul 26, 2022
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session...
Moderate
Unreviewed
CVE-2021-40642
was published
Jun 30, 2022
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This...
High
Unreviewed
CVE-2016-15002
was published
Jun 10, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical
Unreviewed
CVE-2021-28171
was published
May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for...
Moderate
Unreviewed
CVE-2019-4330
was published
May 24, 2022
Linear eMerge 50P/5000P devices allow Authentication Bypass.
Critical
Unreviewed
CVE-2019-7266
was published
May 24, 2022
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware...
High
Unreviewed
CVE-2021-33842
was published
May 24, 2022
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The...
Critical
Unreviewed
CVE-2021-29012
was published
May 24, 2022
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re...
Moderate
Unreviewed
CVE-2020-26955
was published
May 24, 2022
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is...
Moderate
Unreviewed
CVE-2020-7070
was published
May 24, 2022
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2019-4305
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API