Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
meinheld vulnerable to HTTP Request Smuggling Moderate
CVE-2020-7658 was published for meinheld (pip) May 24, 2022
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
bottle HTTP Request smuggling Moderate
CVE-2020-28473 was published for bottle (pip) Apr 7, 2021
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Moderate Unreviewed
CVE-2024-42342 was published Sep 8, 2024
AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
kenballus
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Moderate
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser Moderate
CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
sethmlarson
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2024-20915 was published Feb 17, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to... Moderate Unreviewed
CVE-2016-15039 was published Jul 11, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
kenballus
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache... Moderate Unreviewed
CVE-2024-32638 was published May 2, 2024
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an... Moderate Unreviewed
CVE-2024-22279 was published Jun 10, 2024
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not... Moderate Unreviewed
CVE-2019-17567 was published May 24, 2022
SilverStripe Web Cache Poisoning through HTTPRequestBuilder Moderate
CVE-2019-19326 was published for silverstripe/framework (Composer) May 24, 2022
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent... Moderate Unreviewed
CVE-2023-30910 was published Oct 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2023-34037 was published Aug 4, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-15272 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Moderate Unreviewed
CVE-2020-10111 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Moderate Unreviewed
CVE-2020-10112 was published May 24, 2022
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling,... Moderate Unreviewed
CVE-2022-21826 was published Oct 1, 2022
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used... Moderate Unreviewed
CVE-2006-6276 was published May 1, 2022
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application... Moderate Unreviewed
CVE-2005-2089 was published May 1, 2022
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy,... Moderate Unreviewed
CVE-2005-2088 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database