GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
245 advisories
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical. CVE-2022-32213 was published for llhttp (npm) on Jul 15, 2022.
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical. CVE-2022-32214 was published for llhttp (npm) on Jul 15, 2022.
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High (Unreviewed). CVE-2022-25763 was published on Aug 11, 2022.
HTTP Request Smuggling in Netty
Critical. CVE-2019-20444 was published for io.netty:netty (Maven) on Feb 21, 2020.
HTTP Request Smuggling in Netty
Moderate. CVE-2019-20445 was published for io.netty:netty (Maven) on Feb 21, 2020.
Possible request smuggling in HTTP/2 due missing validation
Moderate. CVE-2021-21295 was published for io.netty:netty (Maven) on Mar 9, 2021.
HTTP request smuggling in netty
Moderate. CVE-2021-43797 was published for io.netty:netty (Maven) on Dec 9, 2021.
Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate. CVE-2021-21409 was published for io.netty:netty (Maven) on Mar 30, 2021.
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical. GHSA-4ppp-gpcr-7qf6 was published for waitress (pip) on Dec 20, 2019.
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
High. GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) on Dec 26, 2019.
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate. GHSA-qppv-j76h-2rpx was published for tornado (pip) on Aug 14, 2023.
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High. CVE-2023-27522 was published for uWSGI (pip) on Mar 7, 2023.
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
Critical (Unreviewed). CVE-2022-36760 was published on Jan 17, 2023.
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,...
Moderate (Unreviewed). CVE-2021-33683 was published on May 24, 2022.
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
High (Unreviewed). CVE-2021-23336 was published on Feb 8, 2022.
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance...
Moderate (Unreviewed). CVE-2022-20713 was published on Aug 11, 2022.
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical. CVE-2020-7611 was published for io.micronaut:micronaut-http-client (Maven) on Mar 30, 2020.
Puma HTTP Request/Response Smuggling vulnerability
Critical. CVE-2023-40175 was published for puma (RubyGems) on Aug 18, 2023.
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate. CVE-2023-38697 was published for protocol-http1 (RubyGems) on Aug 3, 2023.
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate. CVE-2023-46121 was published for yt-dlp (pip) on Nov 15, 2023.
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4...
High (Unreviewed). CVE-2021-25220 was published on Mar 24, 2022.
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Moderate. GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) on Nov 27, 2023.
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,...
High (Unreviewed). CVE-2022-2880 was published on Oct 14, 2022.
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code...
Critical (Unreviewed). CVE-2023-48365 was published on Nov 16, 2023.
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI...
Moderate (Unreviewed). CVE-2023-49584 was published on Dec 12, 2023.
ProTip! Advisories are also available from the GraphQL API.