Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

193 advisories

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line... Critical Unreviewed
CVE-2022-32215 was published Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding Critical
CVE-2022-32213 was published for llhttp (npm) Jul 15, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields Critical
CVE-2022-32214 was published for llhttp (npm) Jul 15, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon.... Moderate Unreviewed
CVE-2021-22959 was published May 24, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From... High Unreviewed
CVE-2021-43610 was published May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate... High Unreviewed
CVE-2021-29991 was published May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body... Moderate Unreviewed
CVE-2021-22960 was published May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability... High Unreviewed
CVE-2021-41732 was published May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Moderate Unreviewed
CVE-2021-31923 was published May 24, 2022
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC ... Critical Unreviewed
CVE-2021-38162 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to... Moderate Unreviewed
CVE-2021-34559 was published May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an... High Unreviewed
CVE-2021-33056 was published May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')... Moderate Unreviewed
CVE-2021-32598 was published May 24, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,... Moderate Unreviewed
CVE-2021-33683 was published May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a... Moderate Unreviewed
CVE-2021-36740 was published May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to... High Unreviewed
CVE-2021-27577 was published May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to... High Unreviewed
CVE-2021-32565 was published May 24, 2022
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not... Moderate Unreviewed
CVE-2019-17567 was published May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability.... High Unreviewed
CVE-2021-22293 was published May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Moderate Unreviewed
CVE-2021-25762 was published May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called... Moderate Unreviewed
CVE-2020-28476 was published May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to... Moderate Unreviewed
CVE-2021-21445 was published May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option... High Unreviewed
CVE-2020-17509 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by... Moderate Unreviewed
CVE-2020-4896 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API