GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
118 advisories
Filter by severity
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are...
Critical
Unreviewed
CVE-2022-22720
was published
Mar 15, 2022
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of...
Moderate
Unreviewed
CVE-2021-21966
was published
Feb 17, 2022
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2...
High
Unreviewed
CVE-2017-2850
was published
May 13, 2022
An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall,...
High
Unreviewed
CVE-2018-4030
was published
May 13, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377
was published
Jun 10, 2022
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can...
High
Unreviewed
CVE-2017-8894
was published
May 17, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2020-1944
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17565
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17559
was published
May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a...
Moderate
Unreviewed
CVE-2019-0197
was published
May 24, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22...
Critical
Unreviewed
CVE-2022-22532
was published
Feb 11, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP...
Critical
Unreviewed
CVE-2022-22536
was published
Feb 11, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding...
High
Unreviewed
CVE-2019-18277
was published
May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
High
Unreviewed
CVE-2019-16276
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate
Unreviewed
CVE-2020-9490
was published
May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate
Unreviewed
CVE-2019-20372
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate
Unreviewed
CVE-2020-11993
was published
May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver...
Critical
Unreviewed
CVE-2020-8201
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API