GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Netty has HttpClientCodec response desynchronization
High
CVE-2026-42584
was published
for
io.netty:netty-codec-http
(Maven)
May 7, 2026
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-2332
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Apr 14, 2026
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
High
CVE-2026-24880
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling
High
CVE-2026-28368
was published
for
io.undertow:undertow-parent
(Maven)
Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling
High
CVE-2026-28367
was published
for
io.undertow:undertow-parent
(Maven)
Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling
High
CVE-2026-28369
was published
for
io.undertow:undertow-parent
(Maven)
Mar 27, 2026
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-33870
was published
for
io.netty:netty-codec-http
(Maven)
Mar 26, 2026
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
High
CVE-2025-41235
was published
for
org.springframework.cloud:spring-cloud-gateway-server
(Maven)
May 30, 2025
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling
High
CVE-2024-12397
was published
for
io.quarkus.http:quarkus-http-core
(Maven)
Dec 12, 2024
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
High
CVE-2017-7561
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 13, 2022
Undertow Request Smuggling vulnerability
High
CVE-2017-12165
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
HTTP Request Smuggling in Netty
High
CVE-2020-7238
was published
for
io.netty:netty-handler
(Maven)
Feb 21, 2020
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty
(Maven)
Oct 11, 2019
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
High
CVE-2017-7656
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API