GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
High
CVE-2021-39134
was published
for
@npmcli/arborist
(npm)
Aug 31, 2021
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case...
High
Unreviewed
CVE-2021-45893
was published
Apr 6, 2022
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,...
High
Unreviewed
CVE-2021-24347
was published
May 24, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,...
High
Unreviewed
CVE-2021-25036
was published
Jan 18, 2022
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute...
High
Unreviewed
CVE-2019-6289
was published
May 13, 2022
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment...
Moderate
Unreviewed
CVE-2021-0973
was published
Dec 16, 2021
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,...
Moderate
Unreviewed
CVE-2017-8493
was published
May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly...
Moderate
Unreviewed
CVE-2018-8337
was published
May 13, 2022
Etherpad Lite before 1.6.4 is exploitable for admin access.
Critical
Unreviewed
CVE-2018-9845
was published
May 13, 2022
Privilege escalation in MOSN
Critical
CVE-2021-32163
was published
for
mosn.io/mosn
(Go)
Feb 17, 2023
Authorization Policy Bypass Due to Case Insensitive Host Comparison
High
CVE-2021-39155
was published
for
istio.io/istio
(Go)
Aug 30, 2021
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows...
Critical
Unreviewed
CVE-2023-3545
was published
Nov 28, 2023
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
Moderate
Unreviewed
CVE-2021-28323
was published
May 24, 2022
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High
CVE-2024-23331
was published
for
vite
(npm)
Jan 19, 2024
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0498
was published
Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view...
Moderate
Unreviewed
CVE-2000-0499
was published
Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an...
Moderate
Unreviewed
CVE-1999-0239
was published
Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters...
Moderate
Unreviewed
CVE-2001-1238
was published
Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose...
Moderate
Unreviewed
CVE-2002-0485
was published
Apr 30, 2022
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0497
was published
Apr 30, 2022
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,...
High
Unreviewed
CVE-2007-3365
was published
May 1, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs...
Moderate
Unreviewed
CVE-2001-0795
was published
Apr 30, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass...
High
Unreviewed
CVE-2001-0766
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API