Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
golang.org/x/net/http2/h2c vulnerable to request smuggling attack High
CVE-2022-41721 was published for golang.org/x/net (Go) Jan 14, 2023
Apache Traffic Server allows request smuggling if chunked messages are malformed.  This... High Unreviewed
CVE-2024-53868 was published Apr 3, 2025
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS... High Unreviewed
CVE-2017-15643 was published May 17, 2022
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct... High Unreviewed
CVE-2024-33452 was published Apr 22, 2025
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
Pingora Request Smuggling and Cache Poisoning High
CVE-2025-4366 was published for pingora-core (Rust) May 22, 2025
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies High
CVE-2025-41235 was published for org.springframework.cloud:spring-cloud-gateway-server (Maven) May 30, 2025
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
decsecre583
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database