Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

34 advisories

Loading
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter Moderate
CVE-2026-49336 was published for @microsoft/kiota-http-fetchlibrary (npm) Jun 26, 2026
tonghuaroot Credited to tonghuaroot, baywet, and adrian05-ms baywet baywet
adrian05-ms adrian05-ms
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence Moderate
GHSA-j99q-93c9-h869 was published for @bitbonsai/mcpvault (npm) Jun 18, 2026
tuf has platform-dependent delegation path matching Moderate
GHSA-qp9x-wp8f-qgjj was published for tuf (pip) May 28, 2026
kodareef5 Credited to kodareef5
Envoy AI Proxy - MCP Message Smuggling Vulnerability Moderate
GHSA-4gph-2hhr-5mwg was published for github.com/envoyproxy/ai-gateway (Go) May 19, 2026
anaximand3r Credited to anaximand3r
justhtml includes multiple security fixes Moderate
GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026
EmilStenstrom Credited to EmilStenstrom
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding Moderate
GHSA-98ch-45wp-ch47 was published for openclaw (npm) Apr 7, 2026
wsparks-vc Credited to wsparks-vc and iskindar iskindar iskindar
OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths Moderate
GHSA-f8r2-vg7x-gh8m was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
File Browser has an Authentication Bypass in User Password Update Moderate
CVE-2026-25889 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 10, 2026
dogadmin Credited to dogadmin and hacdias hacdias hacdias
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity Moderate
CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025
adrianosela Credited to adrianosela
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
daltonking90 Credited to daltonking90
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023 Credited to jw123023, levpachmanov, and joshbressers levpachmanov levpachmanov
joshbressers joshbressers
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald Credited to bradenmacdonald and nijel nijel nijel
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. Moderate Unreviewed
CVE-2021-28323 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API