Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static... Low Unreviewed
CVE-2026-22741 was published Apr 29, 2026
Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters Moderate
CVE-2026-30246 was published for github.com/gofiber/fiber/v3 (Go) Apr 28, 2026
xeloxa Credited to xeloxa, gaby, and ReneWerner87 gaby gaby
ReneWerner87 ReneWerner87
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching... Moderate Unreviewed
CVE-2025-14806 was published Mar 18, 2026
Flask session does not add `Vary: Cookie` header when accessed in some ways Low
CVE-2026-27205 was published for flask (pip) Feb 19, 2026
shouryaj98 Credited to shouryaj98
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception Moderate
CVE-2026-24472 was published for hono (npm) Jan 27, 2026
simonkoeck Credited to simonkoeck
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp Low
GHSA-7jxj-rpx7-ph2c was published for Umbraco.Forms (NuGet) Jan 22, 2026
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint... High Unreviewed
CVE-2025-69581 was published Jan 16, 2026
axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header Moderate
CVE-2025-69202 was published for axios-cache-interceptor (npm) Dec 30, 2025
kishore03109 Credited to kishore03109 and arthurfiorette arthurfiorette arthurfiorette
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15... Low Unreviewed
CVE-2025-43410 was published Dec 12, 2025
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache... Moderate Unreviewed
CVE-2025-64696 was published Dec 9, 2025
authkit-nextjs may let session cookies be cached in CDNs High
CVE-2025-64762 was published for @workos-inc/authkit-nextjs (npm) Nov 20, 2025
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1,... Moderate Unreviewed
CVE-2025-43392 was published Nov 4, 2025
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored... Moderate Unreviewed
CVE-2025-9901 was published Sep 3, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes Moderate
CVE-2025-57752 was published for next (npm) Aug 29, 2025
reddounsf Credited to reddounsf and medikoo medikoo medikoo
A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on... Moderate Unreviewed
CVE-2025-5141 was published Jun 17, 2025
An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access... Moderate Unreviewed
CVE-2025-4233 was published Jun 13, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2023-37517 was published May 1, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2024-30127 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed
CVE-2023-37516 was published Apr 24, 2025
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and... High Unreviewed
CVE-2024-12314 was published Feb 18, 2025
JetBrains Ktor information disclosure Moderate
CVE-2024-49580 was published for io.ktor:ktor-client-core-jvm (Maven) Oct 17, 2024
AlexeyTsvetkov Credited to AlexeyTsvetkov
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela Credited to joselcvarela
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed
CVE-2024-41906 was published Aug 13, 2024
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic... Moderate Unreviewed
CVE-2024-33004 was published May 14, 2024
CoreDNS may return invalid cache entries Moderate
CVE-2024-0874 was published for github.com/coredns/coredns (Go) Apr 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database