Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca... Moderate Unreviewed
CVE-2022-3251 was published Sep 22, 2022
rdiffweb has insecure HTTP cookies Moderate
CVE-2022-3250 was published for rdiffweb (pip) Sep 22, 2022
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute High
CVE-2022-3174 was published for rdiffweb (pip) Sep 14, 2022
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management... Moderate Unreviewed
CVE-2022-39014 was published Sep 14, 2022
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only... Moderate Unreviewed
CVE-2022-26390 was published Sep 10, 2022
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may... Moderate Unreviewed
CVE-2022-38194 was published Aug 17, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a... Moderate Unreviewed
CVE-2022-20219 was published Jul 14, 2022
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have... Moderate Unreviewed
CVE-2021-40650 was published Jun 15, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow... High Unreviewed
CVE-2022-30237 was published Jun 3, 2022
VersionVault Express exposes sensitive information that an attacker can use to impersonate the... Critical Unreviewed
CVE-2021-27779 was published May 26, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Moderate Unreviewed
CVE-2021-27783 was published May 26, 2022
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the... High Unreviewed
CVE-2021-41302 was published May 24, 2022
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones... High Unreviewed
CVE-2021-22932 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open... Moderate Unreviewed
CVE-2021-3774 was published May 24, 2022
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.... Moderate Unreviewed
CVE-2021-35236 was published May 24, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared... Moderate Unreviewed
CVE-2021-28496 was published May 24, 2022
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client... Moderate Unreviewed
CVE-2021-3882 was published May 24, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all... Moderate Unreviewed
CVE-2021-22782 was published May 24, 2022
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0... High Unreviewed
CVE-2021-26100 was published May 24, 2022
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a... High Unreviewed
CVE-2021-34825 was published May 24, 2022
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information... Moderate Unreviewed
CVE-2021-20567 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database