GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
SafeInstall agent guard shell parsing can miss raw package execution
High
GHSA-xrmc-c5cg-rv7x
was published
for
safeinstall-cli
(npm)
Jul 10, 2026
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering
High
CVE-2026-48595
was published
for
tesla
(Erlang)
Jul 10, 2026
jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories
High
CVE-2026-54528
was published
for
jupyterlab-git
(pip)
Jun 19, 2026
Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher
High
CVE-2026-53721
was published
for
nuxt
(npm)
Jun 16, 2026
TYPO3 CMS has Broken Access Control in its Form Framework
High
CVE-2026-47346
was published
for
typo3/cms-core
(Composer)
Jun 12, 2026
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
High
CVE-2026-45062
was published
for
github.com/dunglas/frankenphp
(Go)
May 15, 2026
Apache Tomcat: LockOutRealm treats user names as case-sensitive
High
CVE-2026-43513
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
High
CVE-2026-45135
was published
for
github.com/caddyserver/caddy/v2
(Go)
May 18, 2026
Heimdall: Case-sensitive host matching may lead to policy bypass
High
CVE-2026-42273
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation
High
CVE-2026-42272
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
High
GHSA-qmwh-9m9c-h36m
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
Apr 7, 2026
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to...
High
Unreviewed
CVE-2026-22665
was published
Apr 3, 2026
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions...
High
Unreviewed
CVE-2004-2214
was published
Apr 29, 2022
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows...
High
Unreviewed
CVE-2004-2154
was published
Apr 29, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a...
High
Unreviewed
CVE-2002-1820
was published
Apr 30, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and...
High
Unreviewed
CVE-2020-12812
was published
May 24, 2022
traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
High
CVE-2026-29054
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 4, 2026
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
High
CVE-2026-27588
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
High
CVE-2026-27587
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
High
CVE-2026-27896
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Feb 26, 2026
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High
CVE-2026-25992
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jan 28, 2026
Formio improperly authorized permission elevation through specially crafted request path
High
CVE-2025-67718
was published
for
formio
(npm)
Dec 10, 2025
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin
High
CVE-2025-24399
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 22, 2025
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Arbitrary File Overwrite in Eclipse JGit
High
CVE-2023-4759
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
Sep 18, 2023
ProTip!
Advisories are also available from the
GraphQL API