Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

136 advisories

Loading
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed
CVE-2025-47905 was published May 14, 2025
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed
CVE-2025-23167 was published May 19, 2025
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed
CVE-2024-56523 was published May 12, 2025
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed
CVE-2020-11993 was published May 24, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct... High Unreviewed
CVE-2024-33452 was published Apr 22, 2025
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS... High Unreviewed
CVE-2017-15643 was published May 17, 2022
The team has identified a critical vulnerability in the http server of the most recent version of... Moderate Unreviewed
CVE-2024-27982 was published May 7, 2024
Apache Traffic Server allows request smuggling if chunked messages are malformed.  This... High Unreviewed
CVE-2024-53868 was published Apr 3, 2025
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via... Moderate Unreviewed
CVE-2025-30346 was published Mar 21, 2025
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack... Moderate Unreviewed
CVE-2022-39163 was published Mar 26, 2025
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed
CVE-2024-27185 was published Aug 20, 2024
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are... Critical Unreviewed
CVE-2023-25725 was published Feb 14, 2023
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers... High Unreviewed
CVE-2024-10264 was published Mar 20, 2025
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the... Moderate Unreviewed
CVE-2024-56908 was published Feb 14, 2025
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible Moderate Unreviewed
CVE-2025-29904 was published Mar 12, 2025
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Critical Unreviewed
CVE-2025-1867 was published Mar 3, 2025
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to... Moderate Unreviewed
CVE-2023-51219 was published Jun 3, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed
CVE-2024-23452 was published Feb 8, 2024
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services... Moderate Unreviewed
CVE-2024-21281 was published Oct 15, 2024
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access... Moderate Unreviewed
CVE-2025-0752 was published Jan 28, 2025
In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to... Critical Unreviewed
CVE-2023-29476 was published Dec 14, 2024
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in... Moderate Unreviewed
CVE-2024-53008 was published Nov 28, 2024
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request... Moderate Unreviewed
CVE-2024-34535 was published Oct 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database