GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,416

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

113 advisories

Filter by severity

Sort by

Least recently updated

An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. High Unreviewed

CVE-2024-44775 was published Oct 15, 2024

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture... High Unreviewed

CVE-2024-8912 was published Oct 11, 2024

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Moderate Unreviewed

CVE-2024-42342 was published Sep 8, 2024

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards... High Unreviewed

CVE-2023-38522 was published Jul 26, 2024

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can... Critical Unreviewed

CVE-2024-35161 was published Jul 26, 2024

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed

CVE-2024-38494 was published Jul 15, 2024

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to... Moderate Unreviewed

CVE-2016-15039 was published Jul 11, 2024

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an... Moderate Unreviewed

CVE-2024-22279 was published Jun 10, 2024

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected... Unknown Unreviewed

CVE-2024-23316 was published May 31, 2024

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache... Moderate Unreviewed

CVE-2024-32638 was published May 2, 2024

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before.... Critical Unreviewed

CVE-2024-22081 was published Mar 20, 2024

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the ... Moderate Unreviewed

CVE-2023-50811 was published Mar 20, 2024

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ... Moderate Unreviewed

CVE-2024-20915 was published Feb 17, 2024

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed

CVE-2024-23452 was published Feb 8, 2024

SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI... Moderate Unreviewed

CVE-2023-49584 was published Dec 12, 2023

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code... Critical Unreviewed

CVE-2023-48365 was published Nov 16, 2023

HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent... Moderate Unreviewed

CVE-2023-30910 was published Oct 9, 2023

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions... Critical Unreviewed

CVE-2023-41265 was published Aug 30, 2023

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed

CVE-2023-40225 was published Aug 10, 2023

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This... Critical Unreviewed

CVE-2023-33934 was published Aug 9, 2023

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed

CVE-2023-34037 was published Aug 4, 2023

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP... Critical Unreviewed

CVE-2023-33987 was published Jul 11, 2023

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed

CVE-2023-26137 was published Jul 6, 2023

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed

CVE-2023-25950 was published Apr 11, 2023

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP... Critical Unreviewed

CVE-2023-25690 was published Mar 7, 2023

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

113 advisories