GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
80 advisories
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI...
Moderate | Unreviewed | CVE-2023-49584 was published Dec 12, 2023
@fastify/reply-from JSON Content-Type parsing confusion
Moderate | CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
Puma HTTP Request/Response Smuggling vulnerability
Moderate | CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
Webcache Poisoning in symfony/http-kernel
Moderate | CVE-2021-41267 was published for symfony/http-kernel (Composer) Nov 24, 2021
Ability to expose data in Sylius by using an unintended serialisation group
Moderate | CVE-2020-5220 was published for sylius/resource-bundle (Composer) Jan 31, 2020
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy,...
Moderate | Unreviewed | CVE-2005-2088 was published May 1, 2022
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application...
Moderate | Unreviewed | CVE-2005-2089 was published May 1, 2022
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used...
Moderate | Unreviewed | CVE-2006-6276 was published May 1, 2022
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling,...
Moderate | Unreviewed | CVE-2022-21826 was published Oct 1, 2022
HTTP Request Smuggling in Apache Tomcat
Moderate | CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
Moderate | Unreviewed | CVE-2020-10112 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
Moderate | Unreviewed | CVE-2020-10111 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco...
Moderate | Unreviewed | CVE-2019-15272 was published May 24, 2022
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when...
Moderate | Unreviewed | CVE-2023-26137 was published Jul 6, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with...
Moderate | Unreviewed | CVE-2023-34037 was published Aug 4, 2023
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent...
Moderate | Unreviewed | CVE-2023-30910 was published Oct 9, 2023
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Moderate | CVE-2019-19326 was published for silverstripe/framework (Composer) May 24, 2022
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not...
Moderate | Unreviewed | CVE-2019-17567 was published May 24, 2022
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an...
Moderate | Unreviewed | CVE-2024-22279 was published Jun 10, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache...
Moderate | Unreviewed | CVE-2024-32638 was published May 2, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate | GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to...
Moderate | Unreviewed | CVE-2016-15039 was published Jul 11, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate | Unreviewed | CVE-2024-20915 was published Feb 17, 2024
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate | CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate | CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
ProTip! Advisories are also available from the GraphQL API.