Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023
social-auth-app-django affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
bradenmacdonald nijel
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not... Critical Unreviewed
CVE-2024-5699 was published Jun 11, 2024
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
Arbitrary File Overwrite in Eclipse JGit High
CVE-2023-4759 was published for org.eclipse.jgit:org.eclipse.jgit (Maven) Sep 18, 2023
mattberry3
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows... Critical Unreviewed
CVE-2022-29604 was published Apr 20, 2023
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows... High Unreviewed
CVE-2004-2154 was published Apr 29, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and... High Unreviewed
CVE-2020-12812 was published May 24, 2022
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote... High Unreviewed
CVE-2002-2119 was published Apr 30, 2022
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions... High Unreviewed
CVE-2004-2214 was published Apr 29, 2022
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner,... Moderate Unreviewed
CVE-2004-1083 was published Apr 29, 2022
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a... High Unreviewed
CVE-2002-1820 was published Apr 30, 2022
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source... Moderate Unreviewed
CVE-2003-0411 was published Apr 29, 2022
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all... High Unreviewed
CVE-2005-0269 was published May 1, 2022
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass... High Unreviewed
CVE-2001-0766 was published Apr 30, 2022
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs... Moderate Unreviewed
CVE-2001-0795 was published Apr 30, 2022
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions,... High Unreviewed
CVE-2007-3365 was published May 1, 2022
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0497 was published Apr 30, 2022
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose... Moderate Unreviewed
CVE-2002-0485 was published Apr 30, 2022
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters... Moderate Unreviewed
CVE-2001-1238 was published Apr 30, 2022
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an... Moderate Unreviewed
CVE-1999-0239 was published Apr 30, 2022
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by... Moderate Unreviewed
CVE-2000-0498 was published Apr 30, 2022
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view... Moderate Unreviewed
CVE-2000-0499 was published Apr 30, 2022
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database