Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,002
Maven
5,000+
npm
4,724
NuGet
788
pip
4,335
Pub
12
RubyGems
987
Rust
1,136
Swift
50
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can... Critical Unreviewed
CVE-2024-35161 was published Jul 26, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards... High Unreviewed
CVE-2023-38522 was published Jul 26, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'... High Unreviewed
CVE-2024-52530 was published Nov 11, 2024
Eventlet affected by HTTP request smuggling in unparsed trailers Moderate
CVE-2025-58068 was published for eventlet (pip) Aug 29, 2025
sebastianosrt
Credited to sebastianosrt
twisted.web has disordered HTTP pipeline response Moderate
CVE-2023-46137 was published for twisted (pip) Oct 25, 2023
mukeran
Credited to mukeran
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
Credited to bartekn
twisted.web has disordered HTTP pipeline response Moderate
CVE-2024-41671 was published for twisted (pip) Jul 29, 2024
kenballus twm
adiroiban
Credited to kenballus, twm, and adiroiban
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
The team has identified a critical vulnerability in the http server of the most recent version of... Moderate Unreviewed
CVE-2024-27982 was published May 7, 2024
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This... Moderate Unreviewed
CVE-2025-12642 was published Nov 3, 2025
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass Moderate
GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025
gigatechcode
Credited to gigatechcode
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing... Moderate Unreviewed
CVE-2025-66373 was published Dec 4, 2025
An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a... High Unreviewed
CVE-2025-61258 was published Dec 9, 2025
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed
CVE-2023-53878 was published Dec 15, 2025
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-12874 was published Dec 19, 2025
flagd: Multiple Go Runtime CVEs Impact Security and Availability High
GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026
pramod-ahire
Credited to pramod-ahire
AIOHTTP's unicode processing of header values could cause parsing discrepancies Low
CVE-2025-69224 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
AIOHTTP has unicode match groups in regexes for ASCII protocol elements Low
CVE-2025-69225 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma
Credited to ThomasRinsma
h3 v1 has Request Smuggling (TE.TE) issue High
CVE-2026-23527 was published for h3 (npm) Jan 15, 2026
simonkoeck
Credited to simonkoeck
Vert.x Web static handler component cache can be manipulated to deny the access to static files Moderate
CVE-2026-1002 was published for io.vertx:vertx-core (Maven) Jan 15, 2026
yeikel
Credited to yeikel
Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress High
GHSA-j7j6-7hfx-5522 was published for waitress (pip) May 24, 2022 withdrawn
HTTP Request Smuggling: Content-Length Sent Twice in Waitress Critical
CVE-2019-16792 was published for waitress (pip) Dec 20, 2019
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed
CVE-2025-41082 was published Jan 26, 2026
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns... High Unreviewed
CVE-2025-14523 was published Dec 11, 2025
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed
CVE-2026-1760 was published Feb 2, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database