GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
217 advisories
Filter by severity
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can...
Moderate
Unreviewed
CVE-2024-24795
was published
Apr 4, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
Critical
Unreviewed
CVE-2024-22081
was published
Mar 20, 2024
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the ...
Moderate
Unreviewed
CVE-2023-50811
was published
Mar 20, 2024
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2024-20915
was published
Feb 17, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
chasquid HTTP Request/Response Smuggling vulnerability
High
CVE-2023-52354
was published
for
github.com/albertito/chasquid
(Go)
Jan 22, 2024
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
@fastify/reply-from JSON Content-Type parsing confusion
Moderate
CVE-2023-51701
was published
for
@fastify/reply-from
(npm)
Jan 8, 2024
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI...
Moderate
Unreviewed
CVE-2023-49584
was published
Dec 12, 2023
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Moderate
GHSA-pjjw-qhg8-p2p9
was published
for
aiohttp
(pip)
Nov 27, 2023
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code...
Critical
Unreviewed
CVE-2023-48365
was published
Nov 16, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate
CVE-2023-47627
was published
for
aiohttp
(pip)
Nov 14, 2023
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Low
CVE-2023-47641
was published
for
aiohttp
(pip)
Nov 14, 2023
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2023-46137
was published
for
twisted
(pip)
Oct 25, 2023
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent...
Moderate
Unreviewed
CVE-2023-30910
was published
Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions...
Critical
Unreviewed
CVE-2023-41265
was published
Aug 30, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate
GHSA-qppv-j76h-2rpx
was published
for
tornado
(pip)
Aug 14, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This...
Critical
Unreviewed
CVE-2023-33934
was published
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API