GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
48 advisories
Filter by severity
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of...
Moderate
Unreviewed
CVE-2021-21966
was published
Feb 17, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a...
Moderate
Unreviewed
CVE-2019-0197
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate
Unreviewed
CVE-2020-9490
was published
May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate
Unreviewed
CVE-2019-20372
was published
May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate
Unreviewed
CVE-2020-11993
was published
May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate
Unreviewed
CVE-2020-28361
was published
May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to...
Moderate
Unreviewed
CVE-2021-21445
was published
May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
Moderate
Unreviewed
CVE-2021-25762
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by...
Moderate
Unreviewed
CVE-2020-4896
was published
May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called...
Moderate
Unreviewed
CVE-2020-28476
was published
May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a...
Moderate
Unreviewed
CVE-2021-36740
was published
May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')...
Moderate
Unreviewed
CVE-2021-32598
was published
May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
Moderate
Unreviewed
CVE-2021-31923
was published
May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in...
Moderate
Unreviewed
CVE-2020-8287
was published
May 24, 2022
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,...
Moderate
Unreviewed
CVE-2022-33876
was published
Dec 6, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious...
Moderate
Unreviewed
CVE-2018-8004
was published
May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk...
Moderate
Unreviewed
CVE-2018-7068
was published
May 14, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift...
Moderate
Unreviewed
CVE-2022-0552
was published
Apr 12, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST...
Moderate
Unreviewed
CVE-2022-38114
was published
Nov 23, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,...
Moderate
Unreviewed
CVE-2021-33683
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API