Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in... Moderate Unreviewed
CVE-2020-8287 was published May 24, 2022
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2020-1935 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,... Moderate Unreviewed
CVE-2022-33876 was published Dec 6, 2022
HTTP request smuggling in Undertow Moderate
CVE-2021-20220 was published for io.undertow:undertow-core (Maven) Jun 16, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10719 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10687 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious... Moderate Unreviewed
CVE-2018-8004 was published May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk... Moderate Unreviewed
CVE-2018-7068 was published May 14, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift... Moderate Unreviewed
CVE-2022-0552 was published Apr 12, 2022
HTTP Request Smuggling in akka-http-core Moderate
CVE-2021-23339 was published for com.typesafe.akka:akka-http-core (Maven) May 10, 2021
oliverchang
HTTP Smuggling via Transfer-Encoding Header in Puma Moderate
CVE-2020-11077 was published for puma (RubyGems) May 22, 2020
HTTP Request smuggling in tiny_http Moderate
CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST... Moderate Unreviewed
CVE-2022-38114 was published Nov 23, 2022
HTTP Request Smuggling in Netty Moderate
CVE-2019-20445 was published for io.netty:netty (Maven) Feb 21, 2020
westonsteimel
Possible request smuggling in HTTP/2 due missing validation Moderate
CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021
artgon carl-mastrangelo
westonsteimel
HTTP request smuggling in netty Moderate
CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021
purninavi westonsteimel
Possible request smuggling in HTTP/2 due missing validation of content-length Moderate
CVE-2021-21409 was published for io.netty:netty (Maven) Mar 30, 2021
westonsteimel
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths Moderate
GHSA-qppv-j76h-2rpx was published for tornado (pip) Aug 14, 2023
kenballus
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,... Moderate Unreviewed
CVE-2021-33683 was published May 24, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance... Moderate Unreviewed
CVE-2022-20713 was published Aug 11, 2022
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
mukeran chenjj
ioquatix
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
kenballus
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI... Moderate Unreviewed
CVE-2023-49584 was published Dec 12, 2023
@fastify/reply-from JSON Content-Type parsing confusion Moderate
CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
qwerty472123
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database