GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
66 advisories
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
High
Unreviewed
CVE-2026-11541 was published Jul 1, 2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary...
High
Unreviewed
CVE-2026-11806 was published Jun 30, 2026
Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF...
High
Unreviewed
CVE-2026-13763 was published Jun 29, 2026
Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might...
High
Unreviewed
CVE-2026-13762 was published Jun 29, 2026
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
High
Unreviewed
CVE-2026-8646 was published Jun 22, 2026
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
High
Unreviewed
CVE-2026-9170 was published May 26, 2026
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
High
Unreviewed
CVE-2026-8620 was published May 26, 2026
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header...
High
Unreviewed
CVE-2026-40562 was published May 6, 2026
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header...
High
Unreviewed
CVE-2026-40560 was published Apr 29, 2026
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case...
High
Unreviewed
CVE-2026-31842 was published Apr 7, 2026
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue...
High
Unreviewed
CVE-2025-65114 was published Apr 2, 2026
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns...
High
Unreviewed
CVE-2025-14523 was published Dec 11, 2025
An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a...
High
Unreviewed
CVE-2025-61258 was published Dec 9, 2025
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'...
High
Unreviewed
CVE-2024-52530 was published Nov 11, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522 was published Jul 26, 2024
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct...
High
Unreviewed
CVE-2024-33452 was published Apr 22, 2025
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server...
High
Unreviewed
CVE-2022-25763 was published Aug 11, 2022
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer...
High
Unreviewed
CVE-2025-4600 was published May 16, 2025
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912 was published Oct 11, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
High
Unreviewed
CVE-2022-26377 was published Jun 10, 2022
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request...
High
Unreviewed
CVE-2022-45059 was published Nov 9, 2022
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS...
High
Unreviewed
CVE-2017-15643 was published May 17, 2022
Apache Traffic Server allows request smuggling if chunked messages are malformed. This...
High
Unreviewed
CVE-2024-53868 was published Apr 3, 2025
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers...
High
Unreviewed
CVE-2024-10264 was published Mar 20, 2025
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows...
High
Unreviewed
CVE-2024-23452 was published Feb 8, 2024