GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
SafeInstall agent guard shell parsing can miss raw package execution
High
GHSA-xrmc-c5cg-rv7x
was published
for
safeinstall-cli
(npm)
Jul 10, 2026
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering
High
CVE-2026-48595
was published
for
tesla
(Erlang)
Jul 10, 2026
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected...
Low
Unreviewed
CVE-2026-14617
was published
Jul 4, 2026
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a...
Low
Unreviewed
CVE-2026-58057
was published
Jun 28, 2026
Authelia has an Edge Case Access Control Rule Mismatch
Low
CVE-2026-48794
was published
for
github.com/authelia/authelia/v4
(Go)
Jun 26, 2026
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
Moderate
CVE-2026-49336
was published
for
@microsoft/kiota-http-fetchlibrary
(npm)
Jun 26, 2026
jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories
High
CVE-2026-54528
was published
for
jupyterlab-git
(pip)
Jun 19, 2026
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Low
GHSA-8678-w3jw-xfc2
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
OpenFGA Improper Policy Enforcement
Low
CVE-2026-55170
was published
for
github.com/openfga/openfga
(Go)
Jun 18, 2026
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence
Moderate
GHSA-j99q-93c9-h869
was published
for
@bitbonsai/mcpvault
(npm)
Jun 18, 2026
Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher
High
CVE-2026-53721
was published
for
nuxt
(npm)
Jun 16, 2026
TYPO3 CMS has Broken Access Control in its Form Framework
High
CVE-2026-47346
was published
for
typo3/cms-core
(Composer)
Jun 12, 2026
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware...
Low
Unreviewed
CVE-2026-8404
was published
Jun 3, 2026
Authelia Missing Username Canonicalization in Basic Auth (LDAP)
Low
CVE-2026-47203
was published
for
github.com/authelia/authelia/v4
(Go)
May 29, 2026
tuf has platform-dependent delegation path matching
Moderate
GHSA-qp9x-wp8f-qgjj
was published
for
tuf
(pip)
May 28, 2026
Envoy AI Proxy - MCP Message Smuggling Vulnerability
Moderate
GHSA-4gph-2hhr-5mwg
was published
for
github.com/envoyproxy/ai-gateway
(Go)
May 19, 2026
Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Critical
CVE-2026-47323
was published
for
org.apache.camel:camel-cxf-rest
(Maven)
May 19, 2026
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
High
CVE-2026-45135
was published
for
github.com/caddyserver/caddy/v2
(Go)
May 18, 2026
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
High
CVE-2026-45062
was published
for
github.com/dunglas/frankenphp
(Go)
May 15, 2026
Apache Tomcat: LockOutRealm treats user names as case-sensitive
High
CVE-2026-43513
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive...
Moderate
Unreviewed
CVE-2026-3833
was published
Apr 30, 2026
Apache Camel has an incomplete fix for CVE-2025-27636
Critical
CVE-2026-40453
was published
for
org.apache.camel:camel-coap
(Maven)
Apr 27, 2026
Heimdall: Case-sensitive host matching may lead to policy bypass
High
CVE-2026-42273
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation
High
CVE-2026-42272
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Multiple security fixes in justhtml
Low
GHSA-4p64-v8f5-r2gx
was published
for
justhtml
(pip)
Apr 14, 2026
ProTip!
Advisories are also available from the
GraphQL API