GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
HTTP Request Smuggling: LF vs CRLF handling in Waitress
Moderate
CVE-2019-16785
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
Moderate
CVE-2019-16786
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Moderate
CVE-2019-16789
was published
for
waitress
(pip)
Jan 6, 2020
Ability to expose data in Sylius by using an unintended serialisation group
Moderate
CVE-2020-5220
was published
for
sylius/resource-bundle
(Composer)
Jan 31, 2020
HTTP Request Smuggling in Netty
Moderate
CVE-2019-20445
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2020-1935
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
Moderate
CVE-2020-11077
was published
for
puma
(RubyGems)
May 22, 2020
Withdrawn: HTTP Request Smuggling in Agoo
Moderate
CVE-2020-7670
was published
for
agoo
(RubyGems)
Oct 20, 2020
•
withdrawn
Web Cache Poisoning in find-my-way
Moderate
CVE-2020-7764
was published
for
find-my-way
(npm)
Nov 9, 2020
Possible request smuggling in HTTP/2 due missing validation
Moderate
CVE-2021-21295
was published
for
io.netty:netty
(Maven)
Mar 9, 2021
Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate
CVE-2021-21409
was published
for
io.netty:netty
(Maven)
Mar 30, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10719
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10687
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
HTTP request smuggling in Undertow
Moderate
CVE-2021-20220
was published
for
io.undertow:undertow-core
(Maven)
Jun 16, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
HTTP Request smuggling in tiny_http
Moderate
CVE-2020-35884
was published
for
tiny_http
(Rust)
Aug 25, 2021
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-26281
was published
for
async-h1
(Rust)
Oct 12, 2021
Webcache Poisoning in symfony/http-kernel
Moderate
CVE-2021-41267
was published
for
symfony/http-kernel
(Composer)
Nov 24, 2021
HTTP request smuggling in netty
Moderate
CVE-2021-43797
was published
for
io.netty:netty
(Maven)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API