GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
80 advisories
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk...
Moderate • Unreviewed • CVE-2018-7068 was published May 14, 2022

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious...
Moderate • Unreviewed • CVE-2018-8004 was published May 14, 2022

Undertow vulnerable to Request Smuggling
Moderate • CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used...
Moderate • Unreviewed • CVE-2006-6276 was published May 1, 2022

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy,...
Moderate • Unreviewed • CVE-2005-2088 was published May 1, 2022

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application...
Moderate • Unreviewed • CVE-2005-2089 was published May 1, 2022

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift...
Moderate • Unreviewed • CVE-2022-0552 was published Apr 12, 2022

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of...
Moderate • Unreviewed • CVE-2021-21966 was published Feb 17, 2022

HTTP request smuggling in netty
Moderate • CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021

Webcache Poisoning in symfony/http-kernel
Moderate • CVE-2021-41267 was published for symfony/http-kernel (Composer) Nov 24, 2021

Async-h1 request smuggling possible with long unread bodies
Moderate • CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021

HTTP Request smuggling in tiny_http
Moderate • CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021

HTTP Request Smuggling in Apache Tomcat
Moderate • CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021

HTTP request smuggling in Undertow
Moderate • CVE-2021-20220 was published for io.undertow:undertow-core (Maven) Jun 16, 2021

HTTP Request Smuggling in akka-http-core
Moderate • CVE-2021-23339 was published for com.typesafe.akka:akka-http-core (Maven) May 10, 2021

HTTP Request Smuggling in Undertow
Moderate • CVE-2020-10687 was published for io.undertow:undertow-core (Maven) Apr 30, 2021

HTTP Request Smuggling in Undertow
Moderate • CVE-2020-10719 was published for io.undertow:undertow-core (Maven) Apr 30, 2021

Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate • CVE-2021-21409 was published for io.netty:netty (Maven) Mar 30, 2021

Possible request smuggling in HTTP/2 due missing validation
Moderate • CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021

Web Cache Poisoning in find-my-way
Moderate • CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020

Withdrawn: HTTP Request Smuggling in Agoo
Moderate • CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 • withdrawn

HTTP Smuggling via Transfer-Encoding Header in Puma
Moderate • CVE-2020-11077 was published for puma (RubyGems) May 22, 2020

ProTip! Advisories are also available from the GraphQL API.