GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
217 advisories
Filter by severity
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17565
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17559
was published
May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a...
Moderate
Unreviewed
CVE-2019-0197
was published
May 24, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22...
Critical
Unreviewed
CVE-2022-22532
was published
Feb 11, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP...
Critical
Unreviewed
CVE-2022-22536
was published
Feb 11, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding...
High
Unreviewed
CVE-2019-18277
was published
May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
High
Unreviewed
CVE-2019-16276
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate
Unreviewed
CVE-2020-9490
was published
May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate
Unreviewed
CVE-2019-20372
was published
May 24, 2022
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate
Unreviewed
CVE-2020-11993
was published
May 24, 2022
Undertow vulnerable to Request Smuggling
Moderate
CVE-2017-7559
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver...
Critical
Unreviewed
CVE-2020-8201
was published
May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate
Unreviewed
CVE-2020-28361
was published
May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to...
Moderate
Unreviewed
CVE-2021-21445
was published
May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
Moderate
Unreviewed
CVE-2021-25762
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by...
Moderate
Unreviewed
CVE-2020-4896
was published
May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option...
High
Unreviewed
CVE-2020-17509
was published
May 24, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries...
High
Unreviewed
CVE-2022-33988
was published
Aug 16, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called...
Moderate
Unreviewed
CVE-2020-28476
was published
May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability....
High
Unreviewed
CVE-2021-22293
was published
May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-27577
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API