GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
HTTP Request Smuggling in waitress
High
CVE-2022-24761
was published
for
waitress
(pip)
Mar 18, 2022
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component:...
High
Unreviewed
CVE-2024-21088
was published
Apr 17, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'...
High
Unreviewed
CVE-2024-52530
was published
Nov 11, 2024
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.
High
Unreviewed
CVE-2024-44775
was published
Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912
was published
Oct 11, 2024
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522
was published
Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command...
High
Unreviewed
CVE-2024-38494
was published
Jul 15, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High
CVE-2022-41721
was published
for
golang.org/x/net
(Go)
Jan 14, 2023
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows...
High
Unreviewed
CVE-2023-25950
was published
Apr 11, 2023
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP...
High
Unreviewed
CVE-2020-11724
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP...
High
Unreviewed
CVE-2021-37253
was published
Dec 6, 2021
Undertow Request Smuggling vulnerability
High
CVE-2017-12165
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer...
High
Unreviewed
CVE-2019-15605
was published
May 24, 2022
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55,...
High
Unreviewed
CVE-2021-41436
was published
Nov 20, 2021
ProTip!
Advisories are also available from the
GraphQL API