GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Critical
CVE-2017-7657
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
High
CVE-2017-7656
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Critical
CVE-2017-7658
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Parse Server before v3.4.1 vulnerable to Denial of Service
High
CVE-2019-1020012
was published
for
parse-server
(npm)
Jun 13, 2019
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress
Moderate
CVE-2019-16785
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
Moderate
CVE-2019-16786
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical
GHSA-4ppp-gpcr-7qf6
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
High
GHSA-m5ff-3wj3-8ph4
was published
for
waitress
(pip)
Dec 26, 2019
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Moderate
CVE-2019-16789
was published
for
waitress
(pip)
Jan 6, 2020
Request smuggling is possible when both chunked TE and content length specified
Low
CVE-2020-5207
was published
for
io.ktor:ktor-client-cio
(Maven)
Jan 27, 2020
Ability to expose data in Sylius by using an unintended serialisation group
Moderate
CVE-2020-5220
was published
for
sylius/resource-bundle
(Composer)
Jan 31, 2020
Ability to switch channels via GET parameter enabled in production environments
Low
CVE-2020-5218
was published
for
sylius/sylius
(Composer)
Jan 31, 2020
HTTP Request Smuggling in Netty
Moderate
CVE-2019-20445
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
HTTP Request Smuggling in Netty
Critical
CVE-2019-20444
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
HTTP Request Smuggling in Netty
High
CVE-2020-7238
was published
for
io.netty:netty-handler
(Maven)
Feb 21, 2020
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2020-1935
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Critical
CVE-2020-7611
was published
for
io.micronaut:micronaut-http-client
(Maven)
Mar 30, 2020
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Critical
CVE-2020-7622
was published
for
io.jooby:jooby-netty
(Maven)
Apr 3, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
High
CVE-2020-11076
was published
for
puma
(RubyGems)
May 22, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
Moderate
CVE-2020-11077
was published
for
puma
(RubyGems)
May 22, 2020
ProTip!
Advisories are also available from the
GraphQL API