GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
50 advisories
Filter by severity
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting...
High
Unreviewed
CVE-2023-4639
was published
Nov 17, 2024
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component:...
High
Unreviewed
CVE-2024-21088
was published
Apr 17, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'...
High
Unreviewed
CVE-2024-52530
was published
Nov 11, 2024
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.
High
Unreviewed
CVE-2024-44775
was published
Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912
was published
Oct 11, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522
was published
Jul 26, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command...
High
Unreviewed
CVE-2024-38494
was published
Jul 15, 2024
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows...
High
Unreviewed
CVE-2023-25950
was published
Apr 11, 2023
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP...
High
Unreviewed
CVE-2020-11724
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP...
High
Unreviewed
CVE-2021-37253
was published
Dec 6, 2021
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer...
High
Unreviewed
CVE-2019-15605
was published
May 24, 2022
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55,...
High
Unreviewed
CVE-2021-41436
was published
Nov 20, 2021
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,...
High
Unreviewed
CVE-2022-2880
was published
Oct 14, 2022
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4...
High
Unreviewed
CVE-2021-25220
was published
Mar 24, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
High
Unreviewed
CVE-2021-23336
was published
Feb 8, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High
Unreviewed
CVE-2022-25763
was published
Aug 11, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software...
High
Unreviewed
CVE-2021-1573
was published
Jan 12, 2022
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software...
High
Unreviewed
CVE-2021-34704
was published
Jan 12, 2022
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ...
High
Unreviewed
CVE-2019-19223
was published
May 24, 2022
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows...
High
Unreviewed
CVE-2021-41442
was published
Feb 10, 2022
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push...
High
Unreviewed
CVE-2021-42791
was published
Jan 29, 2022
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can...
High
Unreviewed
CVE-2018-12116
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API