GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,226
Composer 5,232
Erlang 40
GitHub Actions 41
Go 3,002
Maven 6,264
npm 4,724
NuGet 788
pip 4,335
Pub 12
RubyGems 987
Rust 1,136
Swift 50

Unreviewed advisories

All unreviewed 290,479

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

71 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc.... Moderate Unreviewed

CVE-2025-12811 was published Feb 19, 2026

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in... Moderate Unreviewed

CVE-2025-55018 was published Feb 10, 2026

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed

CVE-2026-1801 was published Feb 3, 2026

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed

CVE-2026-1760 was published Feb 2, 2026

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed

CVE-2025-41082 was published Jan 26, 2026

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed

CVE-2025-12874 was published Dec 19, 2025

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed

CVE-2023-53878 was published Dec 15, 2025

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing... Moderate Unreviewed

CVE-2025-66373 was published Dec 4, 2025

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This... Moderate Unreviewed

CVE-2025-12642 was published Nov 3, 2025

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled... Moderate Unreviewed

CVE-2025-11915 was published Oct 22, 2025

An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard... Moderate Unreviewed

CVE-2025-6999 was published Sep 16, 2025

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an... Moderate Unreviewed

CVE-2025-54142 was published Aug 29, 2025

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26.... Moderate Unreviewed

CVE-2025-32094 was published Aug 7, 2025

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed

CVE-2025-23167 was published May 19, 2025

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed

CVE-2025-47905 was published May 14, 2025

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack... Moderate Unreviewed

CVE-2022-39163 was published Mar 26, 2025

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via... Moderate Unreviewed

CVE-2025-30346 was published Mar 21, 2025

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible Moderate Unreviewed

CVE-2025-29904 was published Mar 12, 2025

In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the... Moderate Unreviewed

CVE-2024-56908 was published Feb 14, 2025

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access... Moderate Unreviewed

CVE-2025-0752 was published Jan 28, 2025

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in... Moderate Unreviewed

CVE-2024-53008 was published Nov 28, 2024

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services... Moderate Unreviewed

CVE-2024-21281 was published Oct 15, 2024

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request... Moderate Unreviewed

CVE-2024-34535 was published Oct 3, 2024

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Moderate Unreviewed

CVE-2024-42342 was published Sep 8, 2024

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed

CVE-2024-27185 was published Aug 20, 2024

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

71 advisories