GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,253
Composer 3,944
Erlang 29
GitHub Actions 16
Go 1,729
Maven 4,955
npm 3,489
NuGet 607
pip 3,056
Pub 10
RubyGems 832
Rust 778
Swift 34

Unreviewed advisories

All unreviewed 219,648

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

5 advisories

Filter by severity

Sort by

Least recently updated

Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low

CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023

Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low

CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021

Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Low

CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021

Ability to switch channels via GET parameter enabled in production environments Low

CVE-2020-5218 was published for sylius/sylius (Composer) Jan 31, 2020

Request smuggling is possible when both chunked TE and content length specified Low

CVE-2020-5207 was published for io.ktor:ktor-client-cio (Maven) Jan 27, 2020

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

5 advisories