Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

28 advisories

Loading
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows... Critical Unreviewed
CVE-2023-3545 was published Nov 28, 2023
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows... Critical Unreviewed
CVE-2022-29604 was published Apr 20, 2023
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,... High Unreviewed
CVE-2021-24347 was published May 24, 2022
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. Moderate Unreviewed
CVE-2021-28323 was published May 24, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and... High Unreviewed
CVE-2020-12812 was published May 24, 2022
Etherpad Lite before 1.6.4 is exploitable for admin access. Critical Unreviewed
CVE-2018-9845 was published May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly... Moderate Unreviewed
CVE-2018-8337 was published May 13, 2022
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,... Moderate Unreviewed
CVE-2017-8493 was published May 13, 2022
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute... High Unreviewed
CVE-2019-6289 was published May 13, 2022
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,... High Unreviewed
CVE-2007-3365 was published May 1, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all... High Unreviewed
CVE-2005-0269 was published May 1, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote... High Unreviewed
CVE-2002-2119 was published Apr 30, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a... High Unreviewed
CVE-2002-1820 was published Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose... Moderate Unreviewed
CVE-2002-0485 was published Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters... Moderate Unreviewed
CVE-2001-1238 was published Apr 30, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs... Moderate Unreviewed
CVE-2001-0795 was published Apr 30, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass... High Unreviewed
CVE-2001-0766 was published Apr 30, 2022
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0498 was published Apr 30, 2022
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0497 was published Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view... Moderate Unreviewed
CVE-2000-0499 was published Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an... Moderate Unreviewed
CVE-1999-0239 was published Apr 30, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions... High Unreviewed
CVE-2004-2214 was published Apr 29, 2022
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows... High Unreviewed
CVE-2004-2154 was published Apr 29, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,... Moderate Unreviewed
CVE-2004-1083 was published Apr 29, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source... Moderate Unreviewed
CVE-2003-0411 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API