Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Request smuggling is possible when both chunked TE and content length specified Low
CVE-2020-5207 was published for io.ktor:ktor-client-cio (Maven) Jan 27, 2020
Undertow-core vulnerable to HTTP Request Smuggling Moderate
CVE-2017-2666 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP High
CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven) May 13, 2022
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2019-17569 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
Undertow vulnerable to Request Smuggling Moderate
CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) High
CVE-2017-7656 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2020-1935 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
HTTP Request Smuggling in Netty High
CVE-2020-7238 was published for io.netty:netty-handler (Maven) Feb 21, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) Critical
CVE-2020-7622 was published for io.jooby:jooby-netty (Maven) Apr 3, 2020
JLLeitschuh
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server Critical
CVE-2017-7657 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
HTTP request smuggling in Undertow Moderate
CVE-2021-20220 was published for io.undertow:undertow-core (Maven) Jun 16, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10719 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10687 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
Code injection in Apache Dubbo Critical
CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) Mar 18, 2022
HTTP Request Smuggling in akka-http-core Moderate
CVE-2021-23339 was published for com.typesafe.akka:akka-http-core (Maven) May 10, 2021
oliverchang
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
HTTP Request Smuggling in Netty Critical
CVE-2019-20444 was published for io.netty:netty (Maven) Feb 21, 2020
KateCatlin westonsteimel
HTTP Request Smuggling in Netty Moderate
CVE-2019-20445 was published for io.netty:netty (Maven) Feb 21, 2020
westonsteimel
Possible request smuggling in HTTP/2 due missing validation Moderate
CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021
artgon carl-mastrangelo
westonsteimel
HTTP request smuggling in netty Moderate
CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021
purninavi westonsteimel
Possible request smuggling in HTTP/2 due missing validation of content-length Moderate
CVE-2021-21409 was published for io.netty:netty (Maven) Mar 30, 2021
westonsteimel
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection Critical
CVE-2020-7611 was published for io.micronaut:micronaut-http-client (Maven) Mar 30, 2020
JLLeitschuh
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
Undertow Request Smuggling vulnerability High
CVE-2017-12165 was published for io.undertow:undertow-core (Maven) May 13, 2022
r3kumar
ProTip! Advisories are also available from the GraphQL API