GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
51 advisories
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to... Moderate Unreviewed
CVE-2025-4035 was published Apr 29, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not... Critical Unreviewed
CVE-2024-5699 was published Jun 11, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back... Moderate Unreviewed
CVE-2023-46218 was published Dec 7, 2023
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows... Critical Unreviewed
CVE-2023-3545 was published Nov 28, 2023
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows... Critical Unreviewed
CVE-2022-29604 was published Apr 20, 2023
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,... High Unreviewed
CVE-2021-24347 was published May 24, 2022
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. Moderate Unreviewed
CVE-2021-28323 was published May 24, 2022
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating... Moderate Unreviewed
CVE-2021-25920 was published May 24, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and... High Unreviewed
CVE-2020-12812 was published May 24, 2022
Etherpad Lite before 1.6.4 is exploitable for admin access. Critical Unreviewed
CVE-2018-9845 was published May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly... Moderate Unreviewed
CVE-2018-8337 was published May 13, 2022