GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
14 advisories
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
Moderate | Unreviewed | CVE-2022-4630 was published Dec 21, 2022
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a...
Low | Unreviewed | CVE-2021-34563 was published May 24, 2022
An information disclosure vulnerability exists in the web interface session cookie functionality...
Moderate | Unreviewed | CVE-2022-25172 was published May 13, 2022
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate | Unreviewed | CVE-2022-21939 was published Feb 9, 2023
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session...
Low | Unreviewed | CVE-2023-4217 was published Nov 2, 2023
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB...
Moderate | Unreviewed | CVE-2023-2876 was published Jun 13, 2023
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6...
Moderate | Unreviewed | CVE-2023-4228 was published Aug 24, 2023
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for...
Moderate | Unreviewed | CVE-2024-41685 was published Jul 26, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could...
Low | Unreviewed | CVE-2022-33167 was published Jul 30, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive...
Low | Unreviewed | CVE-2022-43845 was published Sep 25, 2024
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag...
Moderate | Unreviewed | CVE-2024-6739 was published Jul 15, 2024
Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead...
Moderate | Unreviewed | CVE-2025-24318 was published Feb 28, 2025
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
Critical | Unreviewed | CVE-2025-26844 was published May 8, 2025
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent...
Moderate | Unreviewed | CVE-2025-49189 was published Jun 12, 2025