GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24 advisories
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
Inconsistent Interpretation of HTTP Requests in twisted.web
Critical
CVE-2022-24801
was published
for
twisted
(pip)
Apr 4, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Lacking Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
HTTP Request Smuggling in Netty
Critical
CVE-2019-20444
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Puma vulnerable to HTTP Request Smuggling
Critical
CVE-2022-24790
was published
for
puma
(RubyGems)
Mar 30, 2022
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Critical
CVE-2017-7658
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
ProTip!
Advisories are also available from the
GraphQL API