Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

46 advisories

Loading
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of... Moderate Unreviewed
CVE-2021-21966 was published Feb 17, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body... Moderate Unreviewed
CVE-2021-22960 was published May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon.... Moderate Unreviewed
CVE-2021-22959 was published May 24, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1... Moderate Unreviewed
CVE-2022-1705 was published Aug 11, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a... Moderate Unreviewed
CVE-2019-0197 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to... Moderate Unreviewed
CVE-2021-34559 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'... Moderate Unreviewed
CVE-2020-9490 was published May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as... Moderate Unreviewed
CVE-2019-20372 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed
CVE-2020-11993 was published May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Moderate Unreviewed
CVE-2020-26129 was published May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2... Moderate Unreviewed
CVE-2020-28361 was published May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to... Moderate Unreviewed
CVE-2021-21445 was published May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Moderate Unreviewed
CVE-2021-25762 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by... Moderate Unreviewed
CVE-2020-4896 was published May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called... Moderate Unreviewed
CVE-2020-28476 was published May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a... Moderate Unreviewed
CVE-2021-36740 was published May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')... Moderate Unreviewed
CVE-2021-32598 was published May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Moderate Unreviewed
CVE-2021-31923 was published May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in... Moderate Unreviewed
CVE-2020-8287 was published May 24, 2022
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,... Moderate Unreviewed
CVE-2022-33876 was published Dec 6, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious... Moderate Unreviewed
CVE-2018-8004 was published May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk... Moderate Unreviewed
CVE-2018-7068 was published May 14, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift... Moderate Unreviewed
CVE-2022-0552 was published Apr 12, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST... Moderate Unreviewed
CVE-2022-38114 was published Nov 23, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,... Moderate Unreviewed
CVE-2021-33683 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database