Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are... Critical Unreviewed
CVE-2022-22720 was published Mar 15, 2022
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22... Critical Unreviewed
CVE-2022-22532 was published Feb 11, 2022
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP... Critical Unreviewed
CVE-2022-22536 was published Feb 11, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver... Critical Unreviewed
CVE-2020-8201 was published May 24, 2022
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC ... Critical Unreviewed
CVE-2021-38162 was published May 24, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) Critical
CVE-2020-7622 was published for io.jooby:jooby-netty (Maven) Apr 3, 2020
JLLeitschuh
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server Critical
CVE-2017-7657 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Code injection in Apache Dubbo Critical
CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) Mar 18, 2022
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability... Critical Unreviewed
CVE-2016-10711 was published May 13, 2022
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP... Critical Unreviewed
CVE-2015-5739 was published May 14, 2022
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP... Critical Unreviewed
CVE-2015-5740 was published May 14, 2022
Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote unauthenticated attackers... Critical Unreviewed
CVE-2021-45468 was published Jan 15, 2022
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and... Critical Unreviewed
CVE-2022-23959 was published Feb 8, 2022
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line... Critical Unreviewed
CVE-2022-32215 was published Jul 15, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that... Critical Unreviewed
CVE-2022-35256 was published Dec 6, 2022
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Puma vulnerable to HTTP Request Smuggling Critical
CVE-2022-24790 was published for puma (RubyGems) Mar 30, 2022
zeyu2001
HTTP Request Smuggling in hyper Critical
CVE-2020-35863 was published for hyper (Rust) Aug 25, 2021
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header Critical
GHSA-mgc4-wqv7-4pxm was published for github.com/apple/swift-nio (Swift) May 18, 2023
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding Critical
CVE-2022-32213 was published for llhttp (npm) Jul 15, 2022
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields Critical
CVE-2022-32214 was published for llhttp (npm) Jul 15, 2022
HTTP Request Smuggling in Netty Critical
CVE-2019-20444 was published for io.netty:netty (Maven) Feb 21, 2020
KateCatlin westonsteimel
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001
ProTip! Advisories are also available from the GraphQL API