GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
chasquid HTTP Request/Response Smuggling vulnerability
High
CVE-2023-52354
was published
for
github.com/albertito/chasquid
(Go)
Jan 22, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows...
High
Unreviewed
CVE-2023-25950
was published
Apr 11, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High
CVE-2023-27522
was published
for
uWSGI
(pip)
Mar 7, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High
CVE-2022-41721
was published
for
golang.org/x/net
(Go)
Jan 14, 2023
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,...
High
Unreviewed
CVE-2022-2880
was published
Oct 14, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries...
High
Unreviewed
CVE-2022-33988
was published
Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High
Unreviewed
CVE-2022-25763
was published
Aug 11, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377
was published
Jun 10, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From...
High
Unreviewed
CVE-2021-43610
was published
May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate...
High
Unreviewed
CVE-2021-29991
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-32565
was published
May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-27577
was published
May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability....
High
Unreviewed
CVE-2021-22293
was published
May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option...
High
Unreviewed
CVE-2020-17509
was published
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API