GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Critical
CVE-2017-7657
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Critical
CVE-2017-7658
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical
GHSA-4ppp-gpcr-7qf6
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling in Netty
Critical
CVE-2019-20444
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
Lacking Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Code injection in Apache Dubbo
Critical
CVE-2021-30180
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 18, 2022
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Puma vulnerable to HTTP Request Smuggling
Critical
CVE-2022-24790
was published
for
puma
(RubyGems)
Mar 30, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical
CVE-2022-32214
was published
for
llhttp
(npm)
Jul 15, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical
CVE-2022-32213
was published
for
llhttp
(npm)
Jul 15, 2022
Quarkus does not terminate HTTP requests header context
Critical
CVE-2022-2466
was published
for
io.quarkus:quarkus-core-parent
(Maven)
Sep 1, 2022
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Critical
GHSA-mgc4-wqv7-4pxm
was published
for
github.com/apple/swift-nio
(Swift)
May 18, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
ProTip!
Advisories are also available from the
GraphQL API