GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
49 advisories
Filter by severity
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2...
High
Unreviewed
CVE-2017-2850
was published
May 13, 2022
An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall,...
High
Unreviewed
CVE-2018-4030
was published
May 13, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377
was published
Jun 10, 2022
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can...
High
Unreviewed
CVE-2017-8894
was published
May 17, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2020-1944
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17565
was published
May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High
Unreviewed
CVE-2019-17559
was published
May 24, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding...
High
Unreviewed
CVE-2019-18277
was published
May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
High
Unreviewed
CVE-2019-16276
was published
May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option...
High
Unreviewed
CVE-2020-17509
was published
May 24, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries...
High
Unreviewed
CVE-2022-33988
was published
Aug 16, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability....
High
Unreviewed
CVE-2021-22293
was published
May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-27577
was published
May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-32565
was published
May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate...
High
Unreviewed
CVE-2021-29991
was published
May 24, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From...
High
Unreviewed
CVE-2021-43610
was published
May 24, 2022
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung...
High
Unreviewed
CVE-2018-3909
was published
May 13, 2022
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung...
High
Unreviewed
CVE-2018-3907
was published
May 13, 2022
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung...
High
Unreviewed
CVE-2018-3908
was published
May 13, 2022
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote...
High
Unreviewed
CVE-2021-41450
was published
Dec 9, 2021
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an...
High
Unreviewed
CVE-2021-41451
was published
Dec 18, 2021
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS...
High
Unreviewed
CVE-2017-15643
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API