GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
218 advisories
Filter by severity
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift...
Moderate
Unreviewed
CVE-2022-0552
was published
Apr 12, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that...
Critical
Unreviewed
CVE-2022-35256
was published
Dec 6, 2022
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line...
Critical
Unreviewed
CVE-2022-32215
was published
Jul 15, 2022
HTTP Request Smuggling in actix-http
High
CVE-2021-38512
was published
for
actix-http
(Rust)
Aug 25, 2021
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows...
High
Unreviewed
CVE-2021-41442
was published
Feb 10, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push...
High
Unreviewed
CVE-2021-42791
was published
Jan 29, 2022
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and...
Critical
Unreviewed
CVE-2022-23959
was published
Feb 8, 2022
Umbraco Persistent Password Reset Poison
High
CVE-2022-22691
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Umbraco ApplicationURL Overwrite
High
CVE-2022-22690
was published
for
Umbraco.Cms.Core
(NuGet)
Jan 21, 2022
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers...
Critical
Unreviewed
CVE-2021-45468
was published
Jan 15, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can...
High
Unreviewed
CVE-2018-12116
was published
May 13, 2022
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS...
High
Unreviewed
CVE-2017-15643
was published
May 17, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk...
Moderate
Unreviewed
CVE-2018-7068
was published
May 14, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious...
Moderate
Unreviewed
CVE-2018-8004
was published
May 14, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5740
was published
May 14, 2022
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP...
Critical
Unreviewed
CVE-2015-5739
was published
May 14, 2022
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability...
Critical
Unreviewed
CVE-2016-10711
was published
May 13, 2022
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an...
High
Unreviewed
CVE-2021-41451
was published
Dec 18, 2021
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote...
High
Unreviewed
CVE-2021-41450
was published
Dec 9, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric
High
CVE-2021-43669
was published
for
github.com/hyperledger/fabric
(Go)
Dec 3, 2021
Code injection in Apache Dubbo
Critical
CVE-2021-30180
was published
for
org.apache.dubbo:dubbo
(Maven)
Mar 18, 2022
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10687
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10719
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
ProTip!
Advisories are also available from the
GraphQL API