Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

7 advisories

Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
HTTP Handling Vulnerability in the Bare server Critical
CVE-2024-27922 was published for @tomphttp/bare-server-node (npm) Mar 5, 2024
hackermondev
@fastify/reply-from JSON Content-Type parsing confusion Moderate
CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
qwerty472123
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields Critical
CVE-2022-32214 was published for llhttp (npm) Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding Critical
CVE-2022-32213 was published for llhttp (npm) Jul 15, 2022
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Parse Server before v3.4.1 vulnerable to Denial of Service High
CVE-2019-1020012 was published for parse-server (npm) Jun 13, 2019
ProTip! Advisories are also available from the GraphQL API