Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,002
Maven
5,000+
npm
4,724
NuGet
788
pip
4,335
Pub
12
RubyGems
987
Rust
1,136
Swift
50
Unreviewed advisories
All unreviewed
5,000+

124 advisories

Loading
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc.... Moderate Unreviewed
CVE-2025-12811 was published Feb 19, 2026
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-55018 was published Feb 10, 2026
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed
CVE-2026-1801 was published Feb 3, 2026
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed
CVE-2026-1760 was published Feb 2, 2026
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed
CVE-2025-41082 was published Jan 26, 2026
Vert.x Web static handler component cache can be manipulated to deny the access to static files Moderate
CVE-2026-1002 was published for io.vertx:vertx-core (Maven) Jan 15, 2026
yeikel
Credited to yeikel
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-12874 was published Dec 19, 2025
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed
CVE-2023-53878 was published Dec 15, 2025
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing... Moderate Unreviewed
CVE-2025-66373 was published Dec 4, 2025
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This... Moderate Unreviewed
CVE-2025-12642 was published Nov 3, 2025
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass Moderate
GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025
gigatechcode
Credited to gigatechcode
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled... Moderate Unreviewed
CVE-2025-11915 was published Oct 22, 2025
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section Moderate
CVE-2025-59822 was published for org.http4s:http4s-ember-core_2.12 (Maven) Sep 23, 2025
sebastianosrt samspills
rossabaker
Credited to sebastianosrt, samspills, and rossabaker
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard... Moderate Unreviewed
CVE-2025-6999 was published Sep 16, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers Moderate
CVE-2025-58068 was published for eventlet (pip) Aug 29, 2025
sebastianosrt
Credited to sebastianosrt
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an... Moderate Unreviewed
CVE-2025-54142 was published Aug 29, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
Credited to sebastianosrt and mhils
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26.... Moderate Unreviewed
CVE-2025-32094 was published Aug 7, 2025
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Moderate
CVE-2025-6442 was published for webrick (RubyGems) Jun 26, 2025
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed
CVE-2025-23167 was published May 19, 2025
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed
CVE-2025-47905 was published May 14, 2025
croogo Host header injection Moderate
CVE-2024-29643 was published for croogo/croogo (Composer) Apr 21, 2025
CVE-2025-1386- Query smuggling in ch-go library Moderate
CVE-2025-1386 was published for github.com/ClickHouse/ch-go (Go) Apr 12, 2025
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack... Moderate Unreviewed
CVE-2022-39163 was published Mar 26, 2025
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via... Moderate Unreviewed
CVE-2025-30346 was published Mar 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database