Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

109 advisories

Loading
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Moderate Unreviewed
CVE-2024-42342 was published Sep 8, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can... Critical Unreviewed
CVE-2024-35161 was published Jul 26, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards... High Unreviewed
CVE-2023-38522 was published Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command... High Unreviewed
CVE-2024-38494 was published Jul 15, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to... Moderate Unreviewed
CVE-2016-15039 was published Jul 11, 2024
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an... Moderate Unreviewed
CVE-2024-22279 was published Jun 10, 2024
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected... Unknown Unreviewed
CVE-2024-23316 was published May 31, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache... Moderate Unreviewed
CVE-2024-32638 was published May 2, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2024-20915 was published Feb 17, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed
CVE-2024-23452 was published Feb 8, 2024
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI... Moderate Unreviewed
CVE-2023-49584 was published Dec 12, 2023
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code... Critical Unreviewed
CVE-2023-48365 was published Nov 16, 2023
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent... Moderate Unreviewed
CVE-2023-30910 was published Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions... Critical Unreviewed
CVE-2023-41265 was published Aug 30, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This... Critical Unreviewed
CVE-2023-33934 was published Aug 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2023-34037 was published Aug 4, 2023
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP... Critical Unreviewed
CVE-2023-33987 was published Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP... Critical Unreviewed
CVE-2023-25690 was published Mar 7, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... Critical Unreviewed
CVE-2022-36760 was published Jan 17, 2023
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,... Moderate Unreviewed
CVE-2022-33876 was published Dec 6, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that... Critical Unreviewed
CVE-2022-35256 was published Dec 6, 2022
ProTip! Advisories are also available from the GraphQL API