Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
h11 accepts some malformed Chunked-Encoding bodies Critical
CVE-2025-43859 was published for h11 (pip) Apr 24, 2025
JeppW Credited to JeppW
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections Low
CVE-2025-53643 was published for aiohttp (pip) Jul 14, 2025
JeppW Credited to JeppW and Dreamsorcerer Dreamsorcerer Dreamsorcerer
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions Low
CVE-2025-58056 was published for io.netty:netty-codec-http (Maven) Sep 4, 2025
JeppW Credited to JeppW, JLLeitschuh, and yawkat JLLeitschuh JLLeitschuh
yawkat yawkat
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW Credited to JeppW and bdraco bdraco bdraco
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database