GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in...
Moderate
Unreviewed
CVE-2024-53008
was published
Nov 28, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
GHSA-pcx7-8hxg-j823
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request...
Moderate
Unreviewed
CVE-2024-34535
was published
Oct 3, 2024
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Moderate
CVE-2019-16789
was published
for
waitress
(pip)
Jan 6, 2020
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
Moderate
CVE-2019-16786
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress
Moderate
CVE-2019-16785
was published
for
waitress
(pip)
Dec 20, 2019
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2023-46137
was published
for
twisted
(pip)
Oct 25, 2023
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2024-41671
was published
for
twisted
(pip)
Jul 29, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can...
Moderate
Unreviewed
CVE-2024-24795
was published
Apr 4, 2024
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to...
Moderate
Unreviewed
CVE-2023-51219
was published
Jun 3, 2024
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the ...
Moderate
Unreviewed
CVE-2023-50811
was published
Mar 20, 2024
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
meinheld vulnerable to HTTP Request Smuggling
Moderate
CVE-2020-7658
was published
for
meinheld
(pip)
May 24, 2022
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Moderate
Unreviewed
CVE-2024-42342
was published
Sep 8, 2024
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate
CVE-2023-47627
was published
for
aiohttp
(pip)
Nov 14, 2023
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2024-20915
was published
Feb 17, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to...
Moderate
Unreviewed
CVE-2016-15039
was published
Jul 11, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API