GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
193 advisories
Filter by severity
HTTP Request smuggling in tiny_http
Moderate
CVE-2020-35884
was published
for
tiny_http
(Rust)
Aug 25, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Low
CVE-2021-32715
was published
for
hyper
(Rust)
Jul 12, 2021
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
HTTP request smuggling in Undertow
Moderate
CVE-2021-20220
was published
for
io.undertow:undertow-core
(Maven)
Jun 16, 2021
HTTP Request Smuggling in goliath
High
CVE-2020-7671
was published
for
goliath
(RubyGems)
May 24, 2021
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10687
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10719
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate
CVE-2021-21409
was published
for
io.netty:netty
(Maven)
Mar 30, 2021
Possible request smuggling in HTTP/2 due missing validation
Moderate
CVE-2021-21295
was published
for
io.netty:netty
(Maven)
Mar 9, 2021
Web Cache Poisoning in find-my-way
Moderate
CVE-2020-7764
was published
for
find-my-way
(npm)
Nov 9, 2020
Withdrawn: HTTP Request Smuggling in Agoo
Moderate
CVE-2020-7670
was published
for
agoo
(RubyGems)
Oct 20, 2020
•
withdrawn
HTTP Smuggling via Transfer-Encoding Header in Puma
Moderate
CVE-2020-11077
was published
for
puma
(RubyGems)
May 22, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
High
CVE-2020-11076
was published
for
puma
(RubyGems)
May 22, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
ProTip!
Advisories are also available from the
GraphQL API