Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress High
GHSA-m5ff-3wj3-8ph4 was published for waitress (pip) Dec 26, 2019
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths Moderate
GHSA-qppv-j76h-2rpx was published for tornado (pip) Aug 14, 2023
kenballus
Credited to kenballus
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
joshbressers
Credited to joshbressers
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
Credited to coletdjnz
aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
kenballus
Credited to kenballus
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
kenballus
Credited to kenballus
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser Moderate
CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
sethmlarson
Credited to sethmlarson
bottle HTTP Request smuggling Moderate
CVE-2020-28473 was published for bottle (pip) Apr 7, 2021
meinheld vulnerable to HTTP Request Smuggling Moderate
CVE-2020-7658 was published for meinheld (pip) May 24, 2022
Lacking Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2021-39214 was published for mitmproxy (pip) Sep 20, 2021
chinchila mhils
Credited to chinchila and mhils
Insufficient Protection against HTTP Request Smuggling in mitmproxy Critical
CVE-2022-24766 was published for mitmproxy (pip) Mar 22, 2022
zeyu2001 mhils
Credited to zeyu2001 and mhils
HTTP Request Smuggling in netius Moderate
CVE-2020-7655 was published for netius (pip) Jun 18, 2021
HTTP Request Smuggling: LF vs CRLF handling in Waitress Moderate
CVE-2019-16785 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress Moderate
CVE-2019-16786 was published for waitress (pip) Dec 20, 2019
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up) Moderate
CVE-2019-16789 was published for waitress (pip) Jan 6, 2020
HTTP Request Smuggling in waitress High
CVE-2022-24761 was published for waitress (pip) Mar 18, 2022
zeyu2001
Credited to zeyu2001
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
Credited to zeyu2001, twm, and exarkun
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Credited to digitalresistor and mmerickel
h11 accepts some malformed Chunked-Encoding bodies Critical
CVE-2025-43859 was published for h11 (pip) Apr 24, 2025
JeppW
Credited to JeppW
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections Low
CVE-2025-53643 was published for aiohttp (pip) Jul 14, 2025
JeppW
Credited to JeppW
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt mhils
Credited to sebastianosrt and mhils
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
Gunicorn HTTP Request/Response Smuggling vulnerability High
CVE-2024-6827 was published for gunicorn (pip) Mar 20, 2025
xzpjerry
Credited to xzpjerry
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database