Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Loading
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu Credited to yangminzhu, avivdolev, and tdunlap607 avivdolev avivdolev
tdunlap607 tdunlap607
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid Credited to ginkoid and chen-robert chen-robert chen-robert
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 Credited to tdunlap607, amita-seal, and SunBK201 amita-seal amita-seal
SunBK201 SunBK201
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
mattberry3 Credited to mattberry3
dariushoule Credited to dariushoule
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001 Credited to EaEa0001
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass High
CVE-2026-27587 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
manizada Credited to manizada
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass High
CVE-2026-27588 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
manizada Credited to manizada
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity High
CVE-2026-27896 was published for github.com/modelcontextprotocol/go-sdk (Go) Feb 26, 2026
anaximand3r Credited to anaximand3r
1seal Credited to 1seal
ProTip! Advisories are also available from the GraphQL API