GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
278 advisories
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc....
Moderate • Unreviewed • CVE-2025-12811 was published Feb 19, 2026

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in...
Moderate • Unreviewed • CVE-2025-55018 was published Feb 10, 2026

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling...
Moderate • Unreviewed • CVE-2026-1801 was published Feb 3, 2026

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because...
Moderate • Unreviewed • CVE-2026-1760 was published Feb 2, 2026

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns...
High • Unreviewed • CVE-2025-14523 was published Dec 11, 2025

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by...
Moderate • Unreviewed • CVE-2025-41082 was published Jan 26, 2026

HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Critical • CVE-2019-16792 was published for waitress (pip) Dec 20, 2019

Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress
High • GHSA-j7j6-7hfx-5522 was published for waitress (pip) May 24, 2022 • withdrawn

Vert.x Web static handler component cache can be manipulated to deny the access to static files
Moderate • CVE-2026-1002 was published for io.vertx:vertx-core (Maven) Jan 15, 2026

h3 v1 has Request Smuggling (TE.TE) issue
High • CVE-2026-23527 was published for h3 (npm) Jan 15, 2026

AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Low • CVE-2025-69225 was published for aiohttp (pip) Jan 5, 2026

AIOHTTP's unicode processing of header values could cause parsing discrepancies
Low • CVE-2025-69224 was published for aiohttp (pip) Jan 5, 2026

flagd: Multiple Go Runtime CVEs Impact Security and Availability
High • GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in...
Moderate • Unreviewed • CVE-2025-12874 was published Dec 19, 2025

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows...
Moderate • Unreviewed • CVE-2023-53878 was published Dec 15, 2025

An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a...
High • Unreviewed • CVE-2025-61258 was published Dec 9, 2025

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing...
Moderate • Unreviewed • CVE-2025-66373 was published Dec 4, 2025

Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Moderate • GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This...
Moderate • Unreviewed • CVE-2025-12642 was published Nov 3, 2025

The team has identified a critical vulnerability in the http server of the most recent version of...
Moderate • Unreviewed • CVE-2024-27982 was published May 7, 2024

Puma's header normalization allows for client to clobber proxy set headers
Moderate • CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024

twisted.web has disordered HTTP pipeline response
Moderate • CVE-2024-41671 was published for twisted (pip) Jul 29, 2024

Puma HTTP Request/Response Smuggling vulnerability
Moderate • CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024

twisted.web has disordered HTTP pipeline response
Moderate • CVE-2023-46137 was published for twisted (pip) Oct 25, 2023

Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate • CVE-2025-58068 was published for eventlet (pip) Aug 29, 2025