GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
Moderate
CVE-2026-49336
was published
for
@microsoft/kiota-http-fetchlibrary
(npm)
Jun 26, 2026
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence
Moderate
GHSA-j99q-93c9-h869
was published
for
@bitbonsai/mcpvault
(npm)
Jun 18, 2026
tuf has platform-dependent delegation path matching
Moderate
GHSA-qp9x-wp8f-qgjj
was published
for
tuf
(pip)
May 28, 2026
Envoy AI Proxy - MCP Message Smuggling Vulnerability
Moderate
GHSA-4gph-2hhr-5mwg
was published
for
github.com/envoyproxy/ai-gateway
(Go)
May 19, 2026
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive...
Moderate
Unreviewed
CVE-2026-3833
was published
Apr 30, 2026
justhtml includes multiple security fixes
Moderate
GHSA-c9vm-hv86-f23r
was published
for
justhtml
(pip)
Apr 10, 2026
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Moderate
GHSA-98ch-45wp-ch47
was published
for
openclaw
(npm)
Apr 7, 2026
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client...
Moderate
Unreviewed
CVE-2026-3532
was published
Mar 26, 2026
OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths
Moderate
GHSA-f8r2-vg7x-gh8m
was published
for
openclaw
(npm)
Mar 13, 2026
File Browser has an Authentication Bypass in User Password Update
Moderate
CVE-2026-25889
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 10, 2026
elysia-cors Origin Validation Error
Moderate
CVE-2025-50864
was published
for
@elysiajs/cors
(npm)
Aug 20, 2025
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to...
Moderate
Unreviewed
CVE-2025-4035
was published
Apr 29, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
Moderate
CVE-2024-6866
was published
for
flask-cors
(pip)
Mar 20, 2025
Apache Camel: Camel Message Header Injection via Improper Filtering
Moderate
CVE-2025-27636
was published
for
org.apache.camel:camel-support
(Maven)
Mar 9, 2025
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back...
Moderate
Unreviewed
CVE-2023-46218
was published
Dec 7, 2023
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
Moderate
Unreviewed
CVE-2021-28323
was published
May 24, 2022
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating...
Moderate
Unreviewed
CVE-2021-25920
was published
May 24, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly...
Moderate
Unreviewed
CVE-2018-8337
was published
May 13, 2022
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,...
Moderate
Unreviewed
CVE-2017-8493
was published
May 13, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose...
Moderate
Unreviewed
CVE-2002-0485
was published
Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters...
Moderate
Unreviewed
CVE-2001-1238
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API