GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Web Cache Poisoning in find-my-way
Moderate
CVE-2020-7764
was published
for
find-my-way
(npm)
Nov 9, 2020
Withdrawn: HTTP Request Smuggling in Agoo
Moderate
CVE-2020-7670
was published
for
agoo
(RubyGems)
Oct 20, 2020
•
withdrawn
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-26281
was published
for
async-h1
(Rust)
Oct 12, 2021
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of...
Moderate
Unreviewed
CVE-2021-21966
was published
Feb 17, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a...
Moderate
Unreviewed
CVE-2019-0197
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate
Unreviewed
CVE-2020-9490
was published
May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate
Unreviewed
CVE-2019-20372
was published
May 24, 2022
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate
Unreviewed
CVE-2020-11993
was published
May 24, 2022
Undertow vulnerable to Request Smuggling
Moderate
CVE-2017-7559
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate
Unreviewed
CVE-2020-28361
was published
May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to...
Moderate
Unreviewed
CVE-2021-21445
was published
May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
Moderate
Unreviewed
CVE-2021-25762
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by...
Moderate
Unreviewed
CVE-2020-4896
was published
May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called...
Moderate
Unreviewed
CVE-2020-28476
was published
May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a...
Moderate
Unreviewed
CVE-2021-36740
was published
May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')...
Moderate
Unreviewed
CVE-2021-32598
was published
May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
Moderate
Unreviewed
CVE-2021-31923
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API