GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
@fastify/reply-from JSON Content-Type parsing confusion
Moderate
CVE-2023-51701
was published
for
@fastify/reply-from
(npm)
Jan 8, 2024
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Moderate
GHSA-pjjw-qhg8-p2p9
was published
for
aiohttp
(pip)
Nov 27, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate
CVE-2023-47627
was published
for
aiohttp
(pip)
Nov 14, 2023
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2023-46137
was published
for
twisted
(pip)
Oct 25, 2023
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate
GHSA-qppv-j76h-2rpx
was published
for
tornado
(pip)
Aug 14, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2023-38697
was published
for
protocol-http1
(RubyGems)
Aug 3, 2023
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Moderate
CVE-2019-19326
was published
for
silverstripe/framework
(Composer)
May 24, 2022
meinheld vulnerable to HTTP Request Smuggling
Moderate
CVE-2020-7658
was published
for
meinheld
(pip)
May 24, 2022
Undertow vulnerable to Request Smuggling
Moderate
CVE-2017-7559
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
HTTP request smuggling in netty
Moderate
CVE-2021-43797
was published
for
io.netty:netty
(Maven)
Dec 9, 2021
Webcache Poisoning in symfony/http-kernel
Moderate
CVE-2021-41267
was published
for
symfony/http-kernel
(Composer)
Nov 24, 2021
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-26281
was published
for
async-h1
(Rust)
Oct 12, 2021
HTTP Request smuggling in tiny_http
Moderate
CVE-2020-35884
was published
for
tiny_http
(Rust)
Aug 25, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
HTTP request smuggling in Undertow
Moderate
CVE-2021-20220
was published
for
io.undertow:undertow-core
(Maven)
Jun 16, 2021
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
ProTip!
Advisories are also available from the
GraphQL API