Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,361
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

291 advisories

Loading
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called... Moderate Unreviewed
CVE-2020-28476 was published May 24, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries... High Unreviewed
CVE-2022-33988 was published Aug 16, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option... High Unreviewed
CVE-2020-17509 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by... Moderate Unreviewed
CVE-2020-4896 was published May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Moderate Unreviewed
CVE-2021-25762 was published May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to... Moderate Unreviewed
CVE-2021-21445 was published May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2... Moderate Unreviewed
CVE-2020-28361 was published May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver... Critical Unreviewed
CVE-2020-8201 was published May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Moderate Unreviewed
CVE-2020-26129 was published May 24, 2022
Undertow vulnerable to Request Smuggling Moderate
CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2019-17569 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as... Moderate Unreviewed
CVE-2019-20372 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'... Moderate Unreviewed
CVE-2020-9490 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to... Moderate Unreviewed
CVE-2021-34559 was published May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. High Unreviewed
CVE-2019-16276 was published May 24, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding... High Unreviewed
CVE-2019-18277 was published May 24, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22... Critical Unreviewed
CVE-2022-22532 was published Feb 11, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a... Moderate Unreviewed
CVE-2019-0197 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17559 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2020-1944 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17565 was published May 24, 2022
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can... High Unreviewed
CVE-2017-8894 was published May 17, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon.... Moderate Unreviewed
CVE-2021-22959 was published May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body... Moderate Unreviewed
CVE-2021-22960 was published May 24, 2022
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database