GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
101 advisories
Filter by severity
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache...
Unknown
Unreviewed
CVE-2024-32638
was published
May 2, 2024
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452
was published
Feb 8, 2024
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI...
Moderate
Unreviewed
CVE-2023-49584
was published
Dec 12, 2023
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code...
Critical
Unreviewed
CVE-2023-48365
was published
Nov 16, 2023
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent...
Moderate
Unreviewed
CVE-2023-30910
was published
Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions...
Critical
Unreviewed
CVE-2023-41265
was published
Aug 30, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This...
Critical
Unreviewed
CVE-2023-33934
was published
Aug 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with...
Moderate
Unreviewed
CVE-2023-34037
was published
Aug 4, 2023
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP...
Critical
Unreviewed
CVE-2023-33987
was published
Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26137
was published
Jul 6, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows...
High
Unreviewed
CVE-2023-25950
was published
Apr 11, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...
Critical
Unreviewed
CVE-2023-25690
was published
Mar 7, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync...
High
Unreviewed
CVE-2023-23691
was published
Jan 20, 2023
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
Critical
Unreviewed
CVE-2022-36760
was published
Jan 17, 2023
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0,...
Moderate
Unreviewed
CVE-2022-33876
was published
Dec 6, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that...
Critical
Unreviewed
CVE-2022-35256
was published
Dec 6, 2022
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST...
Moderate
Unreviewed
CVE-2022-38114
was published
Nov 23, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059
was published
Nov 9, 2022
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request,...
High
Unreviewed
CVE-2022-2880
was published
Oct 14, 2022
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling,...
Moderate
Unreviewed
CVE-2022-21826
was published
Oct 1, 2022
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries...
High
Unreviewed
CVE-2022-33988
was published
Aug 16, 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High
Unreviewed
CVE-2022-25763
was published
Aug 11, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance...
Moderate
Unreviewed
CVE-2022-20713
was published
Aug 11, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1...
Moderate
Unreviewed
CVE-2022-1705
was published
Aug 11, 2022
ProTip!
Advisories are also available from the
GraphQL API