Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write... High Unreviewed
CVE-2022-28113 was published Apr 16, 2022
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The... Critical Unreviewed
CVE-2021-29012 was published May 24, 2022
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This... High Unreviewed
CVE-2016-15002 was published Jun 10, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain... Critical Unreviewed
CVE-2021-28171 was published May 24, 2022
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session... Moderate Unreviewed
CVE-2021-40642 was published Jun 30, 2022
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a... High Unreviewed
CVE-2022-35284 was published Jul 26, 2022
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2019-4305 was published May 24, 2022
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0... Critical Unreviewed
CVE-2022-22785 was published May 19, 2022
Linear eMerge 50P/5000P devices allow Authentication Bypass. Critical Unreviewed
CVE-2019-7266 was published May 24, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for... Moderate Unreviewed
CVE-2019-4330 was published May 24, 2022
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is... Moderate Unreviewed
CVE-2020-7070 was published May 24, 2022
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re... Moderate Unreviewed
CVE-2020-26955 was published May 24, 2022
Reliance on Cookies without validation in OctoberCMS Moderate
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and... High Unreviewed
CVE-2018-19224 was published May 13, 2022
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote... Moderate Unreviewed
CVE-2011-3887 was published May 13, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a... Moderate Unreviewed
CVE-2022-2615 was published Aug 13, 2022
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability.... High Unreviewed
CVE-2021-36338 was published Jan 22, 2022
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an... High Unreviewed
CVE-2017-6896 was published May 13, 2022
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to... Critical Unreviewed
CVE-2017-7279 was published May 13, 2022
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,... Moderate Unreviewed
CVE-2017-8034 was published May 13, 2022
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1... Critical Unreviewed
CVE-2018-20512 was published May 13, 2022
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access... Critical Unreviewed
CVE-2018-5190 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API