GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.
High
Unreviewed
CVE-2024-44775
was published
Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912
was published
Oct 11, 2024
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
twisted.web has disordered HTTP pipeline response
High
CVE-2024-41671
was published
for
twisted
(pip)
Jul 29, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522
was published
Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command...
High
Unreviewed
CVE-2024-38494
was published
Jul 15, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
chasquid HTTP Request/Response Smuggling vulnerability
High
CVE-2023-52354
was published
for
github.com/albertito/chasquid
(Go)
Jan 22, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows...
High
Unreviewed
CVE-2023-25950
was published
Apr 11, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High
CVE-2023-27522
was published
for
uWSGI
(pip)
Mar 7, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High
CVE-2022-41721
was published
for
golang.org/x/net
(Go)
Jan 14, 2023
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,...
High
Unreviewed
CVE-2022-2880
was published
Oct 14, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries...
High
Unreviewed
CVE-2022-33988
was published
Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High
Unreviewed
CVE-2022-25763
was published
Aug 11, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377
was published
Jun 10, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From...
High
Unreviewed
CVE-2021-43610
was published
May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate...
High
Unreviewed
CVE-2021-29991
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API