GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
220 advisories
Filter by severity
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option...
High
Unreviewed
CVE-2020-17509
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by...
Moderate
Unreviewed
CVE-2020-4896
was published
May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in...
Moderate
Unreviewed
CVE-2020-8287
was published
May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate
Unreviewed
CVE-2020-28361
was published
May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver...
Critical
Unreviewed
CVE-2020-8201
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate
Unreviewed
CVE-2020-9490
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate
Unreviewed
CVE-2020-11993
was published
May 24, 2022
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Moderate
CVE-2019-19326
was published
for
silverstripe/framework
(Composer)
May 24, 2022
meinheld vulnerable to HTTP Request Smuggling
Moderate
CVE-2020-7658
was published
for
meinheld
(pip)
May 24, 2022
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP...
High
Unreviewed
CVE-2020-11724
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2020-1944
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17565
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17559
was published
May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
Moderate
Unreviewed
CVE-2020-10112
was published
May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
Moderate
Unreviewed
CVE-2020-10111
was published
May 24, 2022
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ...
High
Unreviewed
CVE-2019-19223
was published
May 24, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5741
was published
May 24, 2022
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer...
High
Unreviewed
CVE-2019-15605
was published
May 24, 2022
Inconsistent Interpretation of HTTP Requests in Waitress
High
CVE-2019-16792
was published
for
waitress
(pip)
May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate
Unreviewed
CVE-2019-20372
was published
May 24, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding...
High
Unreviewed
CVE-2019-18277
was published
May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco...
Moderate
Unreviewed
CVE-2019-15272
was published
May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
High
Unreviewed
CVE-2019-16276
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API