Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

77 advisories

Loading
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'... High Unreviewed
CVE-2024-52530 was published Nov 11, 2024
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. High Unreviewed
CVE-2024-44775 was published Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture... High Unreviewed
CVE-2024-8912 was published Oct 11, 2024
HTTP Request Smuggling in ruby webrick High
CVE-2024-47220 was published for webrick (RubyGems) Sep 22, 2024
renatolond bermannoah
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards... High Unreviewed
CVE-2023-38522 was published Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed
CVE-2024-38494 was published Jul 15, 2024
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component:... High Unreviewed
CVE-2024-21088 was published Apr 17, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed
CVE-2024-23452 was published Feb 8, 2024
chasquid HTTP Request/Response Smuggling vulnerability High
CVE-2023-52354 was published for github.com/albertito/chasquid (Go) Jan 22, 2024
Apache Tomcat Improper Input Validation vulnerability High
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
biehl1
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
joshbressers
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack High
CVE-2022-41721 was published for golang.org/x/net (Go) Jan 14, 2023
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,... High Unreviewed
CVE-2022-2880 was published Oct 14, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries... High Unreviewed
CVE-2022-33988 was published Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server... High Unreviewed
CVE-2022-25763 was published Aug 11, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database