Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

208 advisories

Loading
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an... High Unreviewed
CVE-2021-41451 was published Dec 18, 2021
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability... Critical Unreviewed
CVE-2016-10711 was published May 13, 2022
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP... Critical Unreviewed
CVE-2015-5739 was published May 14, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP... Critical Unreviewed
CVE-2015-5740 was published May 14, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious... Moderate Unreviewed
CVE-2018-8004 was published May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk... Moderate Unreviewed
CVE-2018-7068 was published May 14, 2022
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS... High Unreviewed
CVE-2017-15643 was published May 17, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can... High Unreviewed
CVE-2018-12116 was published May 13, 2022
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers... Critical Unreviewed
CVE-2021-45468 was published Jan 15, 2022
Umbraco ApplicationURL Overwrite High
CVE-2022-22690 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
Umbraco Persistent Password Reset Poison High
CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and... Critical Unreviewed
CVE-2022-23959 was published Feb 8, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push... High Unreviewed
CVE-2021-42791 was published Jan 29, 2022
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows... High Unreviewed
CVE-2021-41442 was published Feb 10, 2022
HTTP Request Smuggling in actix-http High
CVE-2021-38512 was published for actix-http (Rust) Aug 25, 2021
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line... Critical Unreviewed
CVE-2022-32215 was published Jul 15, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that... Critical Unreviewed
CVE-2022-35256 was published Dec 6, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift... Moderate Unreviewed
CVE-2022-0552 was published Apr 12, 2022
HTTP Request Smuggling in akka-http-core Moderate
CVE-2021-23339 was published for com.typesafe.akka:akka-http-core (Maven) May 10, 2021
oliverchang
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Low
CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
tdunlap607
Puma vulnerable to HTTP Request Smuggling Critical
CVE-2022-24790 was published for puma (RubyGems) Mar 30, 2022
zeyu2001
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
asta12 mattiasgrenfeldt
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ... High Unreviewed
CVE-2019-19223 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database