GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not...
Critical
Unreviewed
CVE-2024-5699
was published
Jun 11, 2024
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Arbitrary File Overwrite in Eclipse JGit
High
CVE-2023-4759
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
Sep 18, 2023
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows...
Critical
Unreviewed
CVE-2022-29604
was published
Apr 20, 2023
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows...
High
Unreviewed
CVE-2004-2154
was published
Apr 29, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and...
High
Unreviewed
CVE-2020-12812
was published
May 24, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions...
High
Unreviewed
CVE-2004-2214
was published
Apr 29, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote...
High
Unreviewed
CVE-2002-2119
was published
Apr 30, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,...
Moderate
Unreviewed
CVE-2004-1083
was published
Apr 29, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a...
High
Unreviewed
CVE-2002-1820
was published
Apr 30, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source...
Moderate
Unreviewed
CVE-2003-0411
was published
Apr 29, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all...
High
Unreviewed
CVE-2005-0269
was published
May 1, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass...
High
Unreviewed
CVE-2001-0766
was published
Apr 30, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs...
Moderate
Unreviewed
CVE-2001-0795
was published
Apr 30, 2022
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,...
High
Unreviewed
CVE-2007-3365
was published
May 1, 2022
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0497
was published
Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose...
Moderate
Unreviewed
CVE-2002-0485
was published
Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters...
Moderate
Unreviewed
CVE-2001-1238
was published
Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an...
Moderate
Unreviewed
CVE-1999-0239
was published
Apr 30, 2022
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0498
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API