GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Inconsistent Interpretation of HTTP Requests in Waitress
High
CVE-2019-16792
was published
for
waitress
(pip)
May 24, 2022
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical
GHSA-4ppp-gpcr-7qf6
was published
for
waitress
(pip)
Dec 20, 2019
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
High
GHSA-m5ff-3wj3-8ph4
was published
for
waitress
(pip)
Dec 26, 2019
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths
Moderate
GHSA-qppv-j76h-2rpx
was published
for
tornado
(pip)
Aug 14, 2023
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High
CVE-2023-27522
was published
for
uWSGI
(pip)
Mar 7, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Moderate
CVE-2023-46121
was published
for
yt-dlp
(pip)
Nov 15, 2023
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Moderate
GHSA-pjjw-qhg8-p2p9
was published
for
aiohttp
(pip)
Nov 27, 2023
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Moderate
CVE-2023-37276
was published
for
aiohttp
(pip)
Jul 20, 2023
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
CVE-2024-23829
was published
for
aiohttp
(pip)
Jan 29, 2024
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Low
CVE-2023-47641
was published
for
aiohttp
(pip)
Nov 14, 2023
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Moderate
CVE-2023-47627
was published
for
aiohttp
(pip)
Nov 14, 2023
meinheld vulnerable to HTTP Request Smuggling
Moderate
CVE-2020-7658
was published
for
meinheld
(pip)
May 24, 2022
Lacking Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Critical
CVE-2022-24766
was published
for
mitmproxy
(pip)
Mar 22, 2022
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2024-41671
was published
for
twisted
(pip)
Jul 29, 2024
HTTP Request Smuggling in Twisted
Critical
CVE-2020-10109
was published
for
Twisted
(pip)
Mar 31, 2020
Improper Input Validation in Twisted
Critical
CVE-2020-10108
was published
for
Twisted
(pip)
Mar 31, 2020
Inconsistent Interpretation of HTTP Requests in twisted.web
Critical
CVE-2022-24801
was published
for
twisted
(pip)
Apr 4, 2022
twisted.web has disordered HTTP pipeline response
Moderate
CVE-2023-46137
was published
for
twisted
(pip)
Oct 25, 2023
HTTP Request Smuggling: LF vs CRLF handling in Waitress
Moderate
CVE-2019-16785
was published
for
waitress
(pip)
Dec 20, 2019
ProTip!
Advisories are also available from the
GraphQL API