GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
Moderate
Unreviewed
CVE-2021-31923
was published
May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance...
Moderate
Unreviewed
CVE-2022-20713
was published
Aug 11, 2022
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling,...
Moderate
Unreviewed
CVE-2022-21826
was published
Oct 1, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST...
Moderate
Unreviewed
CVE-2022-38114
was published
Nov 23, 2022
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,...
Moderate
Unreviewed
CVE-2022-33876
was published
Dec 6, 2022
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26137
was published
Jul 6, 2023
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2023-38697
was published
for
protocol-http1
(RubyGems)
Aug 3, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with...
Moderate
Unreviewed
CVE-2023-34037
was published
Aug 4, 2023
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate
GHSA-qppv-j76h-2rpx
was published
for
tornado
(pip)
Aug 14, 2023
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent...
Moderate
Unreviewed
CVE-2023-30910
was published
Oct 9, 2023
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2023-46137
was published
for
twisted
(pip)
Oct 25, 2023
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate
CVE-2023-47627
was published
for
aiohttp
(pip)
Nov 14, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Moderate
GHSA-pjjw-qhg8-p2p9
was published
for
aiohttp
(pip)
Nov 27, 2023
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI...
Moderate
Unreviewed
CVE-2023-49584
was published
Dec 12, 2023
@fastify/reply-from JSON Content-Type parsing confusion
Moderate
CVE-2023-51701
was published
for
@fastify/reply-from
(npm)
Jan 8, 2024
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2024-20915
was published
Feb 17, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache...
Moderate
Unreviewed
CVE-2024-32638
was published
May 2, 2024
ProTip!
Advisories are also available from the
GraphQL API