GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.
High
Unreviewed
CVE-2024-44775
was published
Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912
was published
Oct 11, 2024
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Moderate
Unreviewed
CVE-2024-42342
was published
Sep 8, 2024
twisted.web has disordered HTTP pipeline response
High
CVE-2024-41671
was published
for
twisted
(pip)
Jul 29, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical
Unreviewed
CVE-2024-35161
was published
Jul 26, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522
was published
Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command...
High
Unreviewed
CVE-2024-38494
was published
Jul 15, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to...
Moderate
Unreviewed
CVE-2016-15039
was published
Jul 11, 2024
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an...
Moderate
Unreviewed
CVE-2024-22279
was published
Jun 10, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected...
Unknown
Unreviewed
CVE-2024-23316
was published
May 31, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache...
Moderate
Unreviewed
CVE-2024-32638
was published
May 2, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
Critical
Unreviewed
CVE-2024-22081
was published
Mar 20, 2024
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the ...
Moderate
Unreviewed
CVE-2023-50811
was published
Mar 20, 2024
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2024-20915
was published
Feb 17, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
chasquid HTTP Request/Response Smuggling vulnerability
High
CVE-2023-52354
was published
for
github.com/albertito/chasquid
(Go)
Jan 22, 2024
ProTip!
Advisories are also available from the
GraphQL API