Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

47 advisories

Loading
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. High Unreviewed
CVE-2024-44775 was published Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture... High Unreviewed
CVE-2024-8912 was published Oct 11, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards... High Unreviewed
CVE-2023-38522 was published Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed
CVE-2024-38494 was published Jul 15, 2024
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP... High Unreviewed
CVE-2020-11724 was published May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability... High Unreviewed
CVE-2021-41732 was published May 24, 2022
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP... High Unreviewed
CVE-2021-37253 was published Dec 6, 2021
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer... High Unreviewed
CVE-2019-15605 was published May 24, 2022
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55,... High Unreviewed
CVE-2021-41436 was published Nov 20, 2021
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed
CVE-2024-23452 was published Feb 8, 2024
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,... High Unreviewed
CVE-2022-2880 was published Oct 14, 2022
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4... High Unreviewed
CVE-2021-25220 was published Mar 24, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') High Unreviewed
CVE-2021-23336 was published Feb 8, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server... High Unreviewed
CVE-2022-25763 was published Aug 11, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-34704 was published Jan 12, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2021-1573 was published Jan 12, 2022
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ... High Unreviewed
CVE-2019-19223 was published May 24, 2022
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows... High Unreviewed
CVE-2021-41442 was published Feb 10, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push... High Unreviewed
CVE-2021-42791 was published Jan 29, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can... High Unreviewed
CVE-2018-12116 was published May 13, 2022
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS... High Unreviewed
CVE-2017-15643 was published May 17, 2022
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an... High Unreviewed
CVE-2021-41451 was published Dec 18, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database