Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Loading
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid Credited to ginkoid and chen-robert chen-robert chen-robert
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu Credited to yangminzhu, avivdolev, and tdunlap607 avivdolev avivdolev
tdunlap607 tdunlap607
dariushoule Credited to dariushoule
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
mattberry3 Credited to mattberry3
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 Credited to tdunlap607, amita-seal, and SunBK201 amita-seal amita-seal
SunBK201 SunBK201
Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin High
CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
Formio improperly authorized permission elevation through specially crafted request path High
CVE-2025-67718 was published for formio (npm) Dec 10, 2025
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001 Credited to EaEa0001
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity High
CVE-2026-27896 was published for github.com/modelcontextprotocol/go-sdk (Go) Feb 26, 2026
anaximand3r Credited to anaximand3r
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass High
CVE-2026-27587 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
manizada Credited to manizada
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass High
CVE-2026-27588 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
manizada Credited to manizada
1seal Credited to 1seal
ProTip! Advisories are also available from the GraphQL API