GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
102 advisories
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate | Unreviewed | CVE-2020-28361 was published May 24, 2022

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate | Unreviewed | CVE-2020-26129 was published May 24, 2022

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver...
Critical | Unreviewed | CVE-2020-8201 was published May 24, 2022

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'...
Moderate | Unreviewed | CVE-2020-9490 was published May 24, 2022

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module...
Moderate | Unreviewed | CVE-2020-11993 was published May 24, 2022

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP...
High | Unreviewed | CVE-2020-11724 was published May 24, 2022

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High | Unreviewed | CVE-2020-1944 was published May 24, 2022

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High | Unreviewed | CVE-2019-17565 was published May 24, 2022

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8...
High | Unreviewed | CVE-2019-17559 was published May 24, 2022

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
Moderate | Unreviewed | CVE-2020-10112 was published May 24, 2022

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests.
Moderate | Unreviewed | CVE-2020-10111 was published May 24, 2022

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface ...
High | Unreviewed | CVE-2019-19223 was published May 24, 2022

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical | Unreviewed | CVE-2015-5741 was published May 24, 2022

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer...
High | Unreviewed | CVE-2019-15605 was published May 24, 2022

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as...
Moderate | Unreviewed | CVE-2019-20372 was published May 24, 2022

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding...
High | Unreviewed | CVE-2019-18277 was published May 24, 2022

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco...
Moderate | Unreviewed | CVE-2019-15272 was published May 24, 2022

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
High | Unreviewed | CVE-2019-16276 was published May 24, 2022

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a...
Moderate | Unreviewed | CVE-2019-0197 was published May 24, 2022

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can...
High | Unreviewed | CVE-2017-8894 was published May 17, 2022

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS...
High | Unreviewed | CVE-2017-15643 was published May 17, 2022

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk...
Moderate | Unreviewed | CVE-2018-7068 was published May 14, 2022

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious...
Moderate | Unreviewed | CVE-2018-8004 was published May 14, 2022

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP...
Critical | Unreviewed | CVE-2015-5740 was published May 14, 2022

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP...
Critical | Unreviewed | CVE-2015-5739 was published May 14, 2022