GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
191 advisories
Filter by severity
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP...
Critical
Unreviewed
CVE-2022-22536
was published
Feb 11, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22...
Critical
Unreviewed
CVE-2022-22532
was published
Feb 11, 2022
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows...
High
Unreviewed
CVE-2021-41442
was published
Feb 10, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
High
Unreviewed
CVE-2021-23336
was published
Feb 8, 2022
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and...
Critical
Unreviewed
CVE-2022-23959
was published
Feb 8, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push...
High
Unreviewed
CVE-2021-42791
was published
Jan 29, 2022
Umbraco Persistent Password Reset Poison
High
CVE-2022-22691
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Umbraco ApplicationURL Overwrite
High
CVE-2022-22690
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers...
Critical
Unreviewed
CVE-2021-45468
was published
Jan 15, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software...
High
Unreviewed
CVE-2021-1573
was published
Jan 12, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software...
High
Unreviewed
CVE-2021-34704
was published
Jan 12, 2022
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an...
High
Unreviewed
CVE-2021-41451
was published
Dec 18, 2021
HTTP request smuggling in netty
Moderate
CVE-2021-43797
was published
for
io.netty:netty
(Maven)
Dec 9, 2021
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote...
High
Unreviewed
CVE-2021-41450
was published
Dec 9, 2021
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP...
High
Unreviewed
CVE-2021-37253
was published
Dec 6, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric
High
CVE-2021-43669
was published
for
github.com/hyperledger/fabric
(Go)
Dec 3, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Webcache Poisoning in symfony/http-kernel
Moderate
CVE-2021-41267
was published
for
symfony/http-kernel
(Composer)
Nov 24, 2021
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55,...
High
Unreviewed
CVE-2021-41436
was published
Nov 20, 2021
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Low
CVE-2021-41136
was published
for
puma
(RubyGems)
Oct 12, 2021
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-26281
was published
for
async-h1
(Rust)
Oct 12, 2021
Lacking Protection against HTTP Request Smuggling in mitmproxy
High
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
HTTP Request Smuggling in actix-http
High
CVE-2021-38512
was published
for
actix-http
(Rust)
Aug 25, 2021
HTTP Request smuggling in tiny_http
Moderate
CVE-2020-35884
was published
for
tiny_http
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API