Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and... High Unreviewed
CVE-2020-12812 was published May 24, 2022
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back... Moderate Unreviewed
CVE-2023-46218 was published Dec 7, 2023
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023 levpachmanov
joshbressers
Credited to jw123023, levpachmanov, and joshbressers
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to... Moderate Unreviewed
CVE-2025-4035 was published Apr 29, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
adrianosela
Credited to adrianosela
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating... Moderate Unreviewed
CVE-2021-25920 was published May 24, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,... Moderate Unreviewed
CVE-2004-1083 was published Apr 29, 2022
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
daltonking90
Credited to daltonking90
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Credited to superboy-zjc and jackfromeast
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
Credited to bradenmacdonald and nijel
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not... Critical Unreviewed
CVE-2024-5699 was published Jun 11, 2024
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
Credited to tdunlap607, amita-seal, and SunBK201
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
mattberry3
Credited to mattberry3
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows... Critical Unreviewed
CVE-2022-29604 was published Apr 20, 2023
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows... High Unreviewed
CVE-2004-2154 was published Apr 29, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote... High Unreviewed
CVE-2002-2119 was published Apr 30, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions... High Unreviewed
CVE-2004-2214 was published Apr 29, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a... High Unreviewed
CVE-2002-1820 was published Apr 30, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all... High Unreviewed
CVE-2005-0269 was published May 1, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source... Moderate Unreviewed
CVE-2003-0411 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database