GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
Moderate
CVE-2026-49336
was published
for
@microsoft/kiota-http-fetchlibrary
(npm)
Jun 26, 2026
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence
Moderate
GHSA-j99q-93c9-h869
was published
for
@bitbonsai/mcpvault
(npm)
Jun 18, 2026
tuf has platform-dependent delegation path matching
Moderate
GHSA-qp9x-wp8f-qgjj
was published
for
tuf
(pip)
May 28, 2026
Envoy AI Proxy - MCP Message Smuggling Vulnerability
Moderate
GHSA-4gph-2hhr-5mwg
was published
for
github.com/envoyproxy/ai-gateway
(Go)
May 19, 2026
justhtml includes multiple security fixes
Moderate
GHSA-c9vm-hv86-f23r
was published
for
justhtml
(pip)
Apr 10, 2026
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Moderate
GHSA-98ch-45wp-ch47
was published
for
openclaw
(npm)
Apr 7, 2026
OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths
Moderate
GHSA-f8r2-vg7x-gh8m
was published
for
openclaw
(npm)
Mar 13, 2026
File Browser has an Authentication Bypass in User Password Update
Moderate
CVE-2026-25889
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 10, 2026
elysia-cors Origin Validation Error
Moderate
CVE-2025-50864
was published
for
@elysiajs/cors
(npm)
Aug 20, 2025
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
Moderate
CVE-2024-6866
was published
for
flask-cors
(pip)
Mar 20, 2025
Apache Camel: Camel Message Header Injection via Improper Filtering
Moderate
CVE-2025-27636
was published
for
org.apache.camel:camel-support
(Maven)
Mar 9, 2025
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
ProTip!
Advisories are also available from the
GraphQL API