Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Parse Server before v3.4.1 vulnerable to Denial of Service High
CVE-2019-1020012 was published for parse-server (npm) Jun 13, 2019
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
HTTP Request Smuggling in waitress High
CVE-2022-24761 was published for waitress (pip) Mar 18, 2022
zeyu2001
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP High
CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven) May 13, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web High
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) High
CVE-2017-7656 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
HTTP Request Smuggling in Netty High
CVE-2020-7238 was published for io.netty:netty-handler (Maven) Feb 21, 2020
HTTP Request Smuggling in github.com/hyperledger/fabric High
CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) Dec 3, 2021
Umbraco ApplicationURL Overwrite High
CVE-2022-22690 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
Umbraco Persistent Password Reset Poison High
CVE-2022-22691 was published for Umbraco.Cms.Core (NuGet) Jan 21, 2022
HTTP Request Smuggling in actix-http High
CVE-2021-38512 was published for actix-http (Rust) Aug 25, 2021
HTTP Smuggling via Transfer-Encoding Header in Puma High
CVE-2020-11076 was published for puma (RubyGems) May 22, 2020
ZeddYu
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up) High
CVE-2019-16789 was published for waitress (pip) Jan 6, 2020
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress High
CVE-2019-16786 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress High
GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) Dec 26, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress High
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
joshbressers
chasquid HTTP Request/Response Smuggling vulnerability High
CVE-2023-52354 was published for github.com/albertito/chasquid (Go) Jan 22, 2024
Undertow Request Smuggling vulnerability High
CVE-2017-12165 was published for io.undertow:undertow-core (Maven) May 13, 2022
r3kumar
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin High
CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021
golang.org/x/net/http2/h2c vulnerable to request smuggling attack High
CVE-2022-41721 was published for golang.org/x/net (Go) Jan 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database