GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

40 advisories

HTTP Request Smuggling: LF vs CRLF handling in Waitress (severity: Moderate)
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress (severity: Moderate)
CVE-2019-16786 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Content-Length Sent Twice in Waitress (severity: Critical)
CVE-2019-16792 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress (severity: High)
GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) Dec 26, 2019
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up) (severity: Moderate)
CVE-2019-16789 was published for waitress (pip) Jan 6, 2020
HTTP Request Smuggling in Twisted (severity: Critical)
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Improper Input Validation in Twisted (severity: Critical)
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
bottle HTTP Request smuggling (severity: Moderate)
CVE-2020-28473 was published for bottle (pip) Apr 7, 2021
HTTP Request Smuggling in netius (severity: Moderate)
CVE-2020-7655 was published for netius (pip) Jun 18, 2021
Lacking Protection against HTTP Request Smuggling in mitmproxy (severity: Critical)
CVE-2021-39214 was published for mitmproxy (pip) Sep 20, 2021
Credited to chinchila and mhils
HTTP Request Smuggling in waitress (severity: High)
CVE-2022-24761 was published for waitress (pip) Mar 18, 2022
Credited to zeyu2001
Insufficient Protection against HTTP Request Smuggling in mitmproxy (severity: Critical)
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
Credited to zeyu2001 and mhils
Inconsistent Interpretation of HTTP Requests in twisted.web (severity: Critical)
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
Credited to zeyu2001, twm, and exarkun
Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress (severity: High)
GHSA-j7j6-7hfx-5522 was published for waitress (pip) May 24, 2022 (withdrawn)
Credited to xnuinside
meinheld vulnerable to HTTP Request Smuggling (severity: Moderate)
CVE-2020-7658 was published for meinheld (pip) May 24, 2022
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling (severity: High)
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
Credited to joshbressers
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser (severity: Moderate)
CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
Credited to sethmlarson and Dreamsorcerer
Credited to kenballus
twisted.web has disordered HTTP pipeline response (severity: Moderate)
CVE-2023-46137 was published for twisted (pip) Oct 25, 2023
Credited to mukeran
Credited to chinchila
AIOHTTP has problems in HTTP parser (the python one, not llhttp) (severity: Moderate)
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
Credited to kenballus and Dreamsorcerer
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection (severity: Moderate)
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
Credited to coletdjnz
aiohttp has vulnerable dependency that is vulnerable to request smuggling (severity: Moderate)
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
Credited to kenballus and Dreamsorcerer
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators (severity: Moderate)
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
Credited to pajod
Request smuggling leading to endpoint restriction bypass in Gunicorn (severity: High)
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024