Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

102 advisories

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an... High Unreviewed
CVE-2021-33056 was published May 24, 2022
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are... Critical Unreviewed
CVE-2022-22720 was published Mar 15, 2022
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of... Moderate Unreviewed
CVE-2021-21966 was published Feb 17, 2022
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2... High Unreviewed
CVE-2017-2850 was published May 13, 2022
An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall,... High Unreviewed
CVE-2018-4030 was published May 13, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body... Moderate Unreviewed
CVE-2021-22960 was published May 24, 2022
The parser in accepts requests with a space (SP) right after the header name before the colon.... Moderate Unreviewed
CVE-2021-22959 was published May 24, 2022
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed
CVE-2022-26377 was published Jun 10, 2022
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can... High Unreviewed
CVE-2017-8894 was published May 17, 2022
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1... Moderate Unreviewed
CVE-2022-1705 was published Aug 11, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17565 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2020-1944 was published May 24, 2022
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8... High Unreviewed
CVE-2019-17559 was published May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a... Moderate Unreviewed
CVE-2019-0197 was published May 24, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22... Critical Unreviewed
CVE-2022-22532 was published Feb 11, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed
CVE-2022-45059 was published Nov 9, 2022
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP... Critical Unreviewed
CVE-2022-22536 was published Feb 11, 2022
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding... High Unreviewed
CVE-2019-18277 was published May 24, 2022
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. High Unreviewed
CVE-2019-16276 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to... Moderate Unreviewed
CVE-2021-34559 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'... Moderate Unreviewed
CVE-2020-9490 was published May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as... Moderate Unreviewed
CVE-2019-20372 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed
CVE-2020-11993 was published May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Moderate Unreviewed
CVE-2020-26129 was published May 24, 2022
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver... Critical Unreviewed
CVE-2020-8201 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API