GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
High
CVE-2024-12397
was published
for
io.quarkus.http:quarkus-http-core
(Maven)
Dec 12, 2024
HTTP Request Smuggling in waitress
High
CVE-2022-24761
was published
for
waitress
(pip)
Mar 18, 2022
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High
CVE-2022-41721
was published
for
golang.org/x/net
(Go)
Jan 14, 2023
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Undertow Request Smuggling vulnerability
High
CVE-2017-12165
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
chasquid HTTP Request/Response Smuggling vulnerability
High
CVE-2023-52354
was published
for
github.com/albertito/chasquid
(Go)
Jan 22, 2024
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High
CVE-2023-27522
was published
for
uWSGI
(pip)
Mar 7, 2023
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
High
GHSA-m5ff-3wj3-8ph4
was published
for
waitress
(pip)
Dec 26, 2019
HTTP Smuggling via Transfer-Encoding Header in Puma
High
CVE-2020-11076
was published
for
puma
(RubyGems)
May 22, 2020
HTTP Request Smuggling in actix-http
High
CVE-2021-38512
was published
for
actix-http
(Rust)
Aug 25, 2021
Umbraco Persistent Password Reset Poison
High
CVE-2022-22691
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Umbraco ApplicationURL Overwrite
High
CVE-2022-22690
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
HTTP Request Smuggling in github.com/hyperledger/fabric
High
CVE-2021-43669
was published
for
github.com/hyperledger/fabric
(Go)
Dec 3, 2021
HTTP Request Smuggling in Netty
High
CVE-2020-7238
was published
for
io.netty:netty-handler
(Maven)
Feb 21, 2020
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
High
CVE-2017-7656
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Inconsistent Interpretation of HTTP Requests in Waitress
High
CVE-2019-16792
was published
for
waitress
(pip)
May 24, 2022
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
High
CVE-2017-7561
was published
for
org.jboss.resteas:resteasy-jaxrs
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API