GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to...
Critical
Unreviewed
CVE-2023-29476
was published
Dec 14, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical
Unreviewed
CVE-2024-35161
was published
Jul 26, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
Critical
Unreviewed
CVE-2024-22081
was published
Mar 20, 2024
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code...
Critical
Unreviewed
CVE-2023-48365
was published
Nov 16, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions...
Critical
Unreviewed
CVE-2023-41265
was published
Aug 30, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This...
Critical
Unreviewed
CVE-2023-33934
was published
Aug 9, 2023
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP...
Critical
Unreviewed
CVE-2023-33987
was published
Jul 11, 2023
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Critical
GHSA-mgc4-wqv7-4pxm
was published
for
github.com/apple/swift-nio
(Swift)
May 18, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...
Critical
Unreviewed
CVE-2023-25690
was published
Mar 7, 2023
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
Critical
Unreviewed
CVE-2022-36760
was published
Jan 17, 2023
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that...
Critical
Unreviewed
CVE-2022-35256
was published
Dec 6, 2022
Quarkus does not terminate HTTP requests header context
Critical
CVE-2022-2466
was published
for
io.quarkus:quarkus-core-parent
(Maven)
Sep 1, 2022
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line...
Critical
Unreviewed
CVE-2022-32215
was published
Jul 15, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical
CVE-2022-32214
was published
for
llhttp
(npm)
Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical
CVE-2022-32213
was published
for
llhttp
(npm)
Jul 15, 2022
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC ...
Critical
Unreviewed
CVE-2021-38162
was published
May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver...
Critical
Unreviewed
CVE-2020-8201
was published
May 24, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5741
was published
May 24, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5740
was published
May 14, 2022
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5739
was published
May 14, 2022
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability...
Critical
Unreviewed
CVE-2016-10711
was published
May 13, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web
Critical
CVE-2022-24801
was published
for
twisted
(pip)
Apr 4, 2022
ProTip!
Advisories are also available from the
GraphQL API