Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,436
Erlang
29
GitHub Actions
16
Go
1,661
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+

188 advisories

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache... Unknown Unreviewed
CVE-2024-32638 was published May 2, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
HTTP Handling Vulnerability in the Bare server Critical
CVE-2024-27922 was published for @tomphttp/bare-server-node (npm) Mar 5, 2024
hackermondev
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed
CVE-2024-23452 was published Feb 8, 2024
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Moderate
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod
chasquid HTTP Request/Response Smuggling vulnerability High
CVE-2023-52354 was published for github.com/albertito/chasquid (Go) Jan 22, 2024
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
@fastify/reply-from JSON Content-Type parsing confusion Moderate
CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
qwerty472123
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI... Moderate Unreviewed
CVE-2023-49584 was published Dec 12, 2023
Apache Tomcat Improper Input Validation vulnerability High
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
biehl1
aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
kenballus
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code... Critical Unreviewed
CVE-2023-48365 was published Nov 16, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
kenballus
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low
CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023
chinchila
twisted.web has disordered HTTP pipeline response Moderate
CVE-2023-46137 was published for twisted (pip) Oct 25, 2023
mukeran
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent... Moderate Unreviewed
CVE-2023-30910 was published Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions... Critical Unreviewed
CVE-2023-41265 was published Aug 30, 2023
Puma HTTP Request/Response Smuggling vulnerability Critical
CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023
kenballus
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths Moderate
GHSA-qppv-j76h-2rpx was published for tornado (pip) Aug 14, 2023
kenballus
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This... Critical Unreviewed
CVE-2023-33934 was published Aug 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2023-34037 was published Aug 4, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
mukeran chenjj
ioquatix
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser Moderate
CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
sethmlarson
ProTip! Advisories are also available from the GraphQL API