GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
100 advisories
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate | GHSA-qppv-j76h-2rpx was published for tornado (pip) | Aug 14, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate | CVE-2023-38697 was published for protocol-http1 (RubyGems) | Aug 3, 2023
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate | CVE-2023-37276 was published for aiohttp (pip) | Jul 20, 2023
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Critical | GHSA-mgc4-wqv7-4pxm was published for github.com/apple/swift-nio (Swift) | May 18, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High | CVE-2023-27522 was published for uWSGI (pip) | Mar 7, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High | CVE-2022-41721 was published for golang.org/x/net (Go) | Jan 14, 2023
Apache Tomcat may reject request containing invalid Content-Length header
High | CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Nov 1, 2022
Quarkus does not terminate HTTP requests header context
Critical | CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) | Sep 1, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical | CVE-2022-32213 was published for llhttp (npm) | Jul 15, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical | CVE-2022-32214 was published for llhttp (npm) | Jul 15, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High | CVE-2020-25613 was published for webrick (RubyGems) | May 24, 2022
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Moderate | CVE-2019-19326 was published for silverstripe/framework (Composer) | May 24, 2022
meinheld vulnerable to HTTP Request Smuggling
Moderate | CVE-2020-7658 was published for meinheld (pip) | May 24, 2022
Inconsistent Interpretation of HTTP Requests in Waitress
High | CVE-2019-16792 was published for waitress (pip) | May 24, 2022
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
High | CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven) | May 13, 2022
Undertow Request Smuggling vulnerability
High | CVE-2017-12165 was published for io.undertow:undertow-core (Maven) | May 13, 2022
Undertow vulnerable to Request Smuggling
Moderate | CVE-2017-7559 was published for io.undertow:undertow-core (Maven) | May 13, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web
Critical | CVE-2022-24801 was published for twisted (pip) | Apr 4, 2022
Puma vulnerable to HTTP Request Smuggling
Critical | CVE-2022-24790 was published for puma (RubyGems) | Mar 30, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical | CVE-2022-24766 was published for mitmproxy (pip) | Mar 22, 2022
HTTP Request Smuggling in waitress
High | CVE-2022-24761 was published for waitress (pip) | Mar 18, 2022
Code injection in Apache Dubbo
Critical | CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) | Mar 18, 2022
Umbraco Persistent Password Reset Poison
High | CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) | Jan 21, 2022
Umbraco ApplicationURL Overwrite
High | CVE-2022-22690 was published for Umbraco.Cms.Core (NuGet) | Jan 21, 2022
HTTP request smuggling in netty
Moderate | CVE-2021-43797 was published for io.netty:netty (Maven) | Dec 9, 2021