GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
69 advisories
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive...
Moderate | Unreviewed | CVE-2026-3833 was published Apr 30, 2026

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case...
Critical | Unreviewed | CVE-2026-40453 was published Apr 27, 2026

Heimdall: Case-sensitive host matching may lead to policy bypass
High | GHSA-72h4-mxfc-jx37 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026

Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation
High | GHSA-43jv-5j4x-qv67 was published for github.com/dadrus/heimdall (Go) Apr 25, 2026

Multiple security fixes in justhtml
Low | GHSA-4p64-v8f5-r2gx was published for justhtml (pip) Apr 14, 2026

justhtml includes multiple security fixes
Moderate | GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026

Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
High | GHSA-qmwh-9m9c-h36m was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 7, 2026

OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Moderate | GHSA-98ch-45wp-ch47 was published for openclaw (npm) Apr 7, 2026

prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to...
High | Unreviewed | CVE-2026-22665 was published Apr 3, 2026

Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client...
Moderate | Unreviewed | CVE-2026-3532 was published Mar 26, 2026

OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths
Moderate | GHSA-f8r2-vg7x-gh8m was published for openclaw (npm) Mar 13, 2026

simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE
Critical | CVE-2026-28292 was published for simple-git (npm) Mar 10, 2026

traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
High | CVE-2026-29054 was published for github.com/traefik/traefik/v2 (Go) Mar 4, 2026

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
High | CVE-2026-27896 was published for github.com/modelcontextprotocol/go-sdk (Go) Feb 26, 2026

Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
High | CVE-2026-27588 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026

Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
High | CVE-2026-27587 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026

File Browser has an Authentication Bypass in User Password Update
Moderate | CVE-2026-25889 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 10, 2026

SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
High | CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026

Formio improperly authorized permission elevation through specially crafted request path
High | CVE-2025-67718 was published for formio (npm) Dec 10, 2025

elysia-cors Origin Validation Error
Moderate | CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025

Apache Tomcat - CGI security constraint bypass
Low | CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to...
Moderate | Unreviewed | CVE-2025-4035 was published Apr 29, 2025

Flask-CORS vulnerable to Improper Handling of Case Sensitivity
Moderate | CVE-2024-6866 was published for flask-cors (pip) Mar 20, 2025

Apache Camel: Camel Message Header Injection via Improper Filtering
Moderate | CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025

Improper handling of case sensitivity in Jenkins OpenId Connect Authentication Plugin
High | CVE-2025-24399 was published for org.jenkins-ci.plugins:oic-auth (Maven) Jan 22, 2025
ProTip! Advisories are also available from the GraphQL API