Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to... Moderate Unreviewed
CVE-2025-4035 was published Apr 29, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
daltonking90
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023 levpachmanov
joshbressers
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. Moderate Unreviewed
CVE-2021-28323 was published May 24, 2022
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating... Moderate Unreviewed
CVE-2021-25920 was published May 24, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly... Moderate Unreviewed
CVE-2018-8337 was published May 13, 2022
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,... Moderate Unreviewed
CVE-2017-8493 was published May 13, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose... Moderate Unreviewed
CVE-2002-0485 was published Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters... Moderate Unreviewed
CVE-2001-1238 was published Apr 30, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs... Moderate Unreviewed
CVE-2001-0795 was published Apr 30, 2022
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0498 was published Apr 30, 2022
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0497 was published Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view... Moderate Unreviewed
CVE-2000-0499 was published Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an... Moderate Unreviewed
CVE-1999-0239 was published Apr 30, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,... Moderate Unreviewed
CVE-2004-1083 was published Apr 29, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source... Moderate Unreviewed
CVE-2003-0411 was published Apr 29, 2022
In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment... Moderate Unreviewed
CVE-2021-0973 was published Dec 16, 2021
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database