GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not...
Low
Unreviewed
CVE-2024-30142
was published
Nov 7, 2024
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies....
Moderate
Unreviewed
CVE-2024-43180
was published
Sep 13, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
CVE-2024-47833
was published
for
taipy
(pip)
Aug 27, 2024
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for...
Moderate
Unreviewed
CVE-2024-41684
was published
Jul 26, 2024
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session...
Moderate
Unreviewed
CVE-2023-33860
was published
Jul 10, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
High
Unreviewed
CVE-2024-35211
was published
Jun 11, 2024
Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops...
High
Unreviewed
CVE-2024-2493
was published
Apr 23, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization...
Moderate
Unreviewed
CVE-2023-46179
was published
Mar 15, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3...
Moderate
Unreviewed
CVE-2023-42016
was published
Feb 9, 2024
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as...
Low
Unreviewed
CVE-2024-0349
was published
Jan 10, 2024
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the...
Low
Unreviewed
CVE-2023-5035
was published
Nov 2, 2023
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Moderate
CVE-2023-5866
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft...
Low
Unreviewed
CVE-2023-4654
was published
Aug 31, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum...
Moderate
Unreviewed
CVE-2023-3520
was published
Jul 6, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls...
Moderate
Unreviewed
CVE-2022-21940
was published
Feb 9, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
phpMyFAQ has insecure HTTP cookies
High
CVE-2022-4409
was published
for
thorsten/phpmyfaq
(Composer)
Dec 11, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca...
Moderate
Unreviewed
CVE-2022-3251
was published
Sep 22, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker...
High
Unreviewed
CVE-2022-25151
was published
Jun 10, 2022
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client...
Moderate
Unreviewed
CVE-2021-3882
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API