Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Flask session does not add `Vary: Cookie` header when accessed in some ways Low
CVE-2026-27205 was published for flask (pip) Feb 19, 2026
shouryaj98 Credited to shouryaj98
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception Moderate
CVE-2026-24472 was published for hono (npm) Jan 27, 2026
simonkoeck Credited to simonkoeck
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp Low
GHSA-7jxj-rpx7-ph2c was published for Umbraco.Forms (NuGet) Jan 22, 2026
axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header Moderate
CVE-2025-69202 was published for axios-cache-interceptor (npm) Dec 30, 2025
kishore03109 Credited to kishore03109 and arthurfiorette arthurfiorette arthurfiorette
authkit-nextjs may let session cookies be cached in CDNs High
CVE-2025-64762 was published for @workos-inc/authkit-nextjs (npm) Nov 20, 2025
Next.js Affected by Cache Key Confusion for Image Optimization API Routes Moderate
CVE-2025-57752 was published for next (npm) Aug 29, 2025
reddounsf Credited to reddounsf and medikoo medikoo medikoo
JetBrains Ktor information disclosure Moderate
CVE-2024-49580 was published for io.ktor:ktor-client-core-jvm (Maven) Oct 17, 2024
AlexeyTsvetkov Credited to AlexeyTsvetkov
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela Credited to joselcvarela
CoreDNS may return invalid cache entries Moderate
CVE-2024-0874 was published for github.com/coredns/coredns (Go) Apr 25, 2024
Shopware's session is persistent in Cache for 404 pages High
CVE-2024-27917 was published for shopware/platform (Composer) Mar 6, 2024
sunnypatell Credited to sunnypatell
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
rdiffweb vulnerable to Use of Cache Containing Sensitive Information Moderate
CVE-2022-3292 was published for rdiffweb (pip) Sep 29, 2022
Kubernetes Unsafe Cacheing Moderate
CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database