Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

99 advisories

Loading
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
CVE-2024-9666 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW
HTTP Request Smuggling in waitress High
CVE-2022-24761 was published for waitress (pip) Mar 18, 2022
zeyu2001
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up) Moderate
CVE-2019-16789 was published for waitress (pip) Jan 6, 2020
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress Moderate
CVE-2019-16786 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: LF vs CRLF handling in Waitress Moderate
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
twisted.web has disordered HTTP pipeline response Moderate
CVE-2023-46137 was published for twisted (pip) Oct 25, 2023
mukeran
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
twisted.web has disordered HTTP pipeline response Moderate
CVE-2024-41671 was published for twisted (pip) Jul 29, 2024
kenballus twm
adiroiban
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 Moderate
CVE-2024-9622 was published for org.jboss.resteasy:resteasy-netty4-cdi (Maven) Oct 8, 2024
HTTP Request Smuggling in netius Moderate
CVE-2020-7655 was published for netius (pip) Jun 18, 2021
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001
Lacking Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2021-39214 was published for mitmproxy (pip) Sep 20, 2021
chinchila mhils
meinheld vulnerable to HTTP Request Smuggling Moderate
CVE-2020-7658 was published for meinheld (pip) May 24, 2022
HTTP Request Smuggling in ruby webrick High
CVE-2024-47220 was published for webrick (RubyGems) Sep 22, 2024
renatolond bermannoah
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
bottle HTTP Request smuggling Moderate
CVE-2020-28473 was published for bottle (pip) Apr 7, 2021
AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
kenballus
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Moderate
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod
ProTip! Advisories are also available from the GraphQL API