GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 26,179
Composer 5,229
Erlang 40
GitHub Actions 41
Go 2,992
Maven 6,259
npm 4,705
NuGet 788
pip 4,328
Pub 12
RubyGems 987
Rust 1,134
Swift 49

Unreviewed advisories

All unreviewed 290,191

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

152 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc.... Moderate Unreviewed

CVE-2025-12811 was published Feb 19, 2026

An inconsistent interpretation of http requests ('http request smuggling') vulnerability in... Moderate Unreviewed

CVE-2025-55018 was published Feb 10, 2026

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed

CVE-2026-1801 was published Feb 3, 2026

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed

CVE-2026-1760 was published Feb 2, 2026

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed

CVE-2025-41082 was published Jan 26, 2026

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed

CVE-2025-12874 was published Dec 19, 2025

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed

CVE-2023-53878 was published Dec 15, 2025

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns... High Unreviewed

CVE-2025-14523 was published Dec 11, 2025

An issue was discovered in Outsystems Platform Server 11.18.1.37828 allows attackers to cause a... High Unreviewed

CVE-2025-61258 was published Dec 9, 2025

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing... Moderate Unreviewed

CVE-2025-66373 was published Dec 4, 2025

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This... Moderate Unreviewed

CVE-2025-12642 was published Nov 3, 2025

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled... Moderate Unreviewed

CVE-2025-11915 was published Oct 22, 2025

An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard... Moderate Unreviewed

CVE-2025-6999 was published Sep 16, 2025

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an... Moderate Unreviewed

CVE-2025-54142 was published Aug 29, 2025

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26.... Moderate Unreviewed

CVE-2025-32094 was published Aug 7, 2025

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed

CVE-2025-23167 was published May 19, 2025

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer... High Unreviewed

CVE-2025-4600 was published May 16, 2025

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed

CVE-2025-47905 was published May 14, 2025

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed

CVE-2024-56523 was published May 12, 2025

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct... High Unreviewed

CVE-2024-33452 was published Apr 22, 2025

Apache Traffic Server allows request smuggling if chunked messages are malformed. This... High Unreviewed

CVE-2024-53868 was published Apr 3, 2025

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack... Moderate Unreviewed

CVE-2022-39163 was published Mar 26, 2025

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via... Moderate Unreviewed

CVE-2025-30346 was published Mar 21, 2025

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers... High Unreviewed

CVE-2024-10264 was published Mar 20, 2025

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible Moderate Unreviewed

CVE-2025-29904 was published Mar 12, 2025

Previous1…7 Next

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

152 advisories