Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following High
CVE-2021-39134 was published for @npmcli/arborist (npm) Aug 31, 2021
ginkoid chen-robert
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case... High Unreviewed
CVE-2021-45893 was published Apr 6, 2022
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,... High Unreviewed
CVE-2021-24347 was published May 24, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,... High Unreviewed
CVE-2021-25036 was published Jan 18, 2022
uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute... High Unreviewed
CVE-2019-6289 was published May 13, 2022
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment... Moderate Unreviewed
CVE-2021-0973 was published Dec 16, 2021
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,... Moderate Unreviewed
CVE-2017-8493 was published May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly... Moderate Unreviewed
CVE-2018-8337 was published May 13, 2022
Etherpad Lite before 1.6.4 is exploitable for admin access. Critical Unreviewed
CVE-2018-9845 was published May 13, 2022
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu avivdolev
tdunlap607
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows... Critical Unreviewed
CVE-2023-3545 was published Nov 28, 2023
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. Moderate Unreviewed
CVE-2021-28323 was published May 24, 2022
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0498 was published Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view... Moderate Unreviewed
CVE-2000-0499 was published Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an... Moderate Unreviewed
CVE-1999-0239 was published Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters... Moderate Unreviewed
CVE-2001-1238 was published Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose... Moderate Unreviewed
CVE-2002-0485 was published Apr 30, 2022
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0497 was published Apr 30, 2022
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,... High Unreviewed
CVE-2007-3365 was published May 1, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs... Moderate Unreviewed
CVE-2001-0795 was published Apr 30, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass... High Unreviewed
CVE-2001-0766 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database