GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
211 advisories
Filter by severity
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an...
High
Unreviewed
CVE-2021-41451
was published
Dec 18, 2021
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability...
Critical
Unreviewed
CVE-2016-10711
was published
May 13, 2022
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5739
was published
May 14, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5740
was published
May 14, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious...
Moderate
Unreviewed
CVE-2018-8004
was published
May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk...
Moderate
Unreviewed
CVE-2018-7068
was published
May 14, 2022
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS...
High
Unreviewed
CVE-2017-15643
was published
May 17, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can...
High
Unreviewed
CVE-2018-12116
was published
May 13, 2022
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers...
Critical
Unreviewed
CVE-2021-45468
was published
Jan 15, 2022
Umbraco ApplicationURL Overwrite
High
CVE-2022-22690
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Umbraco Persistent Password Reset Poison
High
CVE-2022-22691
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and...
Critical
Unreviewed
CVE-2022-23959
was published
Feb 8, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push...
High
Unreviewed
CVE-2021-42791
was published
Jan 29, 2022
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows...
High
Unreviewed
CVE-2021-41442
was published
Feb 10, 2022
HTTP Request Smuggling in actix-http
High
CVE-2021-38512
was published
for
actix-http
(Rust)
Aug 25, 2021
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line...
Critical
Unreviewed
CVE-2022-32215
was published
Jul 15, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that...
Critical
Unreviewed
CVE-2022-35256
was published
Dec 6, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift...
Moderate
Unreviewed
CVE-2022-0552
was published
Apr 12, 2022
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Critical
CVE-2017-7658
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Low
CVE-2021-32715
was published
for
hyper
(Rust)
Jul 12, 2021
Puma vulnerable to HTTP Request Smuggling
Critical
CVE-2022-24790
was published
for
puma
(RubyGems)
Mar 30, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Low
CVE-2021-41136
was published
for
puma
(RubyGems)
Oct 12, 2021
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ...
High
Unreviewed
CVE-2019-19223
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API