Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid chen-robert
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case... High Unreviewed
CVE-2021-45893 was published Apr 6, 2022
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,... High Unreviewed
CVE-2021-24347 was published May 24, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,... High Unreviewed
CVE-2021-25036 was published Jan 18, 2022
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute... High Unreviewed
CVE-2019-6289 was published May 13, 2022
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu avivdolev
tdunlap607
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,... High Unreviewed
CVE-2007-3365 was published May 1, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass... High Unreviewed
CVE-2001-0766 was published Apr 30, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all... High Unreviewed
CVE-2005-0269 was published May 1, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a... High Unreviewed
CVE-2002-1820 was published Apr 30, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote... High Unreviewed
CVE-2002-2119 was published Apr 30, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions... High Unreviewed
CVE-2004-2214 was published Apr 29, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and... High Unreviewed
CVE-2020-12812 was published May 24, 2022
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows... High Unreviewed
CVE-2004-2154 was published Apr 29, 2022
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
mattberry3
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database