Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

93 advisories

Loading
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Moderate Unreviewed
CVE-2020-26129 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'... Moderate Unreviewed
CVE-2020-9490 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed
CVE-2020-11993 was published May 24, 2022
SilverStripe Web Cache Poisoning through HTTPRequestBuilder Moderate
CVE-2019-19326 was published for silverstripe/framework (Composer) May 24, 2022
meinheld vulnerable to HTTP Request Smuggling Moderate
CVE-2020-7658 was published for meinheld (pip) May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Moderate Unreviewed
CVE-2020-10112 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Moderate Unreviewed
CVE-2020-10111 was published May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as... Moderate Unreviewed
CVE-2019-20372 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-15272 was published May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a... Moderate Unreviewed
CVE-2019-0197 was published May 24, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk... Moderate Unreviewed
CVE-2018-7068 was published May 14, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious... Moderate Unreviewed
CVE-2018-8004 was published May 14, 2022
Undertow vulnerable to Request Smuggling Moderate
CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used... Moderate Unreviewed
CVE-2006-6276 was published May 1, 2022
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application... Moderate Unreviewed
CVE-2005-2089 was published May 1, 2022
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy,... Moderate Unreviewed
CVE-2005-2088 was published May 1, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift... Moderate Unreviewed
CVE-2022-0552 was published Apr 12, 2022
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of... Moderate Unreviewed
CVE-2021-21966 was published Feb 17, 2022
HTTP request smuggling in netty Moderate
CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021
purninavi westonsteimel
Webcache Poisoning in symfony/http-kernel Moderate
CVE-2021-41267 was published for symfony/http-kernel (Composer) Nov 24, 2021
jderusse shyim
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021
HTTP Request Smuggling in hyper Moderate
CVE-2021-21299 was published for hyper (Rust) Aug 25, 2021
ZeddYu
HTTP Request smuggling in tiny_http Moderate
CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
HTTP Request Smuggling in netius Moderate
CVE-2020-7655 was published for netius (pip) Jun 18, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database