Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

120 advisories

Loading
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This... Critical Unreviewed
CVE-2023-33934 was published Aug 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2023-34037 was published Aug 4, 2023
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP... Critical Unreviewed
CVE-2023-33987 was published Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP... Critical Unreviewed
CVE-2023-25690 was published Mar 7, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... Critical Unreviewed
CVE-2022-36760 was published Jan 17, 2023
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,... Moderate Unreviewed
CVE-2022-33876 was published Dec 6, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that... Critical Unreviewed
CVE-2022-35256 was published Dec 6, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST... Moderate Unreviewed
CVE-2022-38114 was published Nov 23, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,... High Unreviewed
CVE-2022-2880 was published Oct 14, 2022
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling,... Moderate Unreviewed
CVE-2022-21826 was published Oct 1, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries... High Unreviewed
CVE-2022-33988 was published Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server... High Unreviewed
CVE-2022-25763 was published Aug 11, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance... Moderate Unreviewed
CVE-2022-20713 was published Aug 11, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1... Moderate Unreviewed
CVE-2022-1705 was published Aug 11, 2022
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line... Critical Unreviewed
CVE-2022-32215 was published Jul 15, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon.... Moderate Unreviewed
CVE-2021-22959 was published May 24, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From... High Unreviewed
CVE-2021-43610 was published May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate... High Unreviewed
CVE-2021-29991 was published May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body... Moderate Unreviewed
CVE-2021-22960 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database