Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,746
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
joshbressers
Credited to joshbressers
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack High
CVE-2022-41721 was published for golang.org/x/net (Go) Jan 14, 2023
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,... High Unreviewed
CVE-2022-2880 was published Oct 14, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries... High Unreviewed
CVE-2022-33988 was published Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server... High Unreviewed
CVE-2022-25763 was published Aug 11, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From... High Unreviewed
CVE-2021-43610 was published May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate... High Unreviewed
CVE-2021-29991 was published May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability... High Unreviewed
CVE-2021-41732 was published May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an... High Unreviewed
CVE-2021-33056 was published May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to... High Unreviewed
CVE-2021-32565 was published May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to... High Unreviewed
CVE-2021-27577 was published May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability.... High Unreviewed
CVE-2021-22293 was published May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option... High Unreviewed
CVE-2020-17509 was published May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
decsecre583
Credited to decsecre583
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP... High Unreviewed
CVE-2020-11724 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2020-1944 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17559 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17565 was published May 24, 2022
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ... High Unreviewed
CVE-2019-19223 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database