GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment...
Moderate
Unreviewed
CVE-2021-0973
was published
Dec 16, 2021
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,...
Moderate
Unreviewed
CVE-2017-8493
was published
May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly...
Moderate
Unreviewed
CVE-2018-8337
was published
May 13, 2022
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
Moderate
Unreviewed
CVE-2021-28323
was published
May 24, 2022
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0498
was published
Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view...
Moderate
Unreviewed
CVE-2000-0499
was published
Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an...
Moderate
Unreviewed
CVE-1999-0239
was published
Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters...
Moderate
Unreviewed
CVE-2001-1238
was published
Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose...
Moderate
Unreviewed
CVE-2002-0485
was published
Apr 30, 2022
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by...
Moderate
Unreviewed
CVE-2000-0497
was published
Apr 30, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs...
Moderate
Unreviewed
CVE-2001-0795
was published
Apr 30, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source...
Moderate
Unreviewed
CVE-2003-0411
was published
Apr 29, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,...
Moderate
Unreviewed
CVE-2004-1083
was published
Apr 29, 2022
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
ProTip!
Advisories are also available from the
GraphQL API