GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case...
High
Unreviewed
CVE-2021-45893
was published
Apr 6, 2022
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,...
High
Unreviewed
CVE-2021-24347
was published
May 24, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,...
High
Unreviewed
CVE-2021-25036
was published
Jan 18, 2022
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute...
High
Unreviewed
CVE-2019-6289
was published
May 13, 2022
Authorization Policy Bypass Due to Case Insensitive Host Comparison
High
CVE-2021-39155
was published
for
istio.io/istio
(Go)
Aug 30, 2021
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High
CVE-2024-23331
was published
for
vite
(npm)
Jan 19, 2024
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,...
High
Unreviewed
CVE-2007-3365
was published
May 1, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass...
High
Unreviewed
CVE-2001-0766
was published
Apr 30, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all...
High
Unreviewed
CVE-2005-0269
was published
May 1, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote...
High
Unreviewed
CVE-2002-2119
was published
Apr 30, 2022
Arbitrary File Overwrite in Eclipse JGit
High
CVE-2023-4759
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
Sep 18, 2023
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin
High
CVE-2025-24399
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Jan 22, 2025
Formio improperly authorized permission elevation through specially crafted request path
High
CVE-2025-67718
was published
for
formio
(npm)
Dec 10, 2025
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High
CVE-2026-25992
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jan 28, 2026
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
High
CVE-2026-27896
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Feb 26, 2026
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
High
CVE-2026-27587
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
High
CVE-2026-27588
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
High
CVE-2026-29054
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 4, 2026
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and...
High
Unreviewed
CVE-2020-12812
was published
May 24, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a...
High
Unreviewed
CVE-2002-1820
was published
Apr 30, 2022
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows...
High
Unreviewed
CVE-2004-2154
was published
Apr 29, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions...
High
Unreviewed
CVE-2004-2214
was published
Apr 29, 2022
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to...
High
Unreviewed
CVE-2026-22665
was published
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API