GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
220 advisories
Filter by severity
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance...
Moderate
Unreviewed
CVE-2022-20713
was published
Aug 11, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line...
Critical
Unreviewed
CVE-2022-32215
was published
Jul 15, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical
CVE-2022-32214
was published
for
llhttp
(npm)
Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical
CVE-2022-32213
was published
for
llhttp
(npm)
Jul 15, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377
was published
Jun 10, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From...
High
Unreviewed
CVE-2021-43610
was published
May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate...
High
Unreviewed
CVE-2021-29991
was published
May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
Moderate
Unreviewed
CVE-2021-31923
was published
May 24, 2022
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC ...
Critical
Unreviewed
CVE-2021-38162
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')...
Moderate
Unreviewed
CVE-2021-32598
was published
May 24, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,...
Moderate
Unreviewed
CVE-2021-33683
was published
May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a...
Moderate
Unreviewed
CVE-2021-36740
was published
May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-32565
was published
May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-27577
was published
May 24, 2022
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not...
Moderate
Unreviewed
CVE-2019-17567
was published
May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability....
High
Unreviewed
CVE-2021-22293
was published
May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
Moderate
Unreviewed
CVE-2021-25762
was published
May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called...
Moderate
Unreviewed
CVE-2020-28476
was published
May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to...
Moderate
Unreviewed
CVE-2021-21445
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API