GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 86; GitHub Actions 54; Go 4,175; Maven 5,000+; npm 5,000+; NuGet 1,019; pip 5,000+; Pub 13; RubyGems 1,102; Rust 1,421; Swift 61
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
178 advisories

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might...
High | Unreviewed | CVE-2026-13762 was published Jun 29, 2026

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF...
High | Unreviewed | CVE-2026-13763 was published Jun 29, 2026

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a...
Moderate | Unreviewed | CVE-2026-58055 was published Jun 28, 2026

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
High | Unreviewed | CVE-2026-8646 was published Jun 22, 2026

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length...
Critical | Unreviewed | CVE-2026-54387 was published Jun 17, 2026

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple...
Critical | Unreviewed | CVE-2026-54388 was published Jun 17, 2026

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4,...
Moderate | Unreviewed | CVE-2026-6338 was published Jun 11, 2026

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. ...
Moderate | Unreviewed | CVE-2026-41853 was published Jun 9, 2026

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to...
Low | Unreviewed | CVE-2026-44546 was published Jun 3, 2026

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request...
Low | Unreviewed | CVE-2026-50052 was published Jun 3, 2026

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion...
Moderate | Unreviewed | CVE-2026-6324 was published May 29, 2026

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
High | Unreviewed | CVE-2026-9170 was published May 26, 2026

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
High | Unreviewed | CVE-2026-8620 was published May 26, 2026

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in...
Moderate | Unreviewed | CVE-2025-55018 was published Feb 10, 2026

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header...
High | Unreviewed | CVE-2026-40562 was published May 6, 2026

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header...
Moderate | Unreviewed | CVE-2026-40561 was published May 3, 2026

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header...
High | Unreviewed | CVE-2026-40560 was published Apr 29, 2026

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request...
Critical | Unreviewed | CVE-2026-41873 was published Apr 28, 2026

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The...
Low | Unreviewed | CVE-2026-2708 was published Apr 24, 2026

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling...
Low | Unreviewed | CVE-2025-31958 was published Apr 21, 2026

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case...
High | Unreviewed | CVE-2026-31842 was published Apr 7, 2026

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue...
High | Unreviewed | CVE-2025-65114 was published Apr 2, 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
Moderate | Unreviewed | CVE-2026-2862 was published Apr 1, 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
Moderate | Unreviewed | CVE-2026-1491 was published Apr 1, 2026

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in...
Low | Unreviewed | CVE-2026-4742 was published Mar 24, 2026

ProTip! Advisories are also available from the GraphQL API.