GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
The parser in accepts requests with a space (SP) right after the header name before the colon....
Moderate
Unreviewed
CVE-2021-22959
was published
May 24, 2022
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From...
High
Unreviewed
CVE-2021-43610
was published
May 24, 2022
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate...
High
Unreviewed
CVE-2021-29991
was published
May 24, 2022
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body...
Moderate
Unreviewed
CVE-2021-22960
was published
May 24, 2022
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability...
High
Unreviewed
CVE-2021-41732
was published
May 24, 2022
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
Moderate
Unreviewed
CVE-2021-31923
was published
May 24, 2022
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC ...
Critical
Unreviewed
CVE-2021-38162
was published
May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to...
Moderate
Unreviewed
CVE-2021-34559
was published
May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')...
Moderate
Unreviewed
CVE-2021-32598
was published
May 24, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,...
Moderate
Unreviewed
CVE-2021-33683
was published
May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a...
Moderate
Unreviewed
CVE-2021-36740
was published
May 24, 2022
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-32565
was published
May 24, 2022
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to...
High
Unreviewed
CVE-2021-27577
was published
May 24, 2022
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not...
Moderate
Unreviewed
CVE-2019-17567
was published
May 24, 2022
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability....
High
Unreviewed
CVE-2021-22293
was published
May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
Moderate
Unreviewed
CVE-2021-25762
was published
May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called...
Moderate
Unreviewed
CVE-2020-28476
was published
May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to...
Moderate
Unreviewed
CVE-2021-21445
was published
May 24, 2022
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option...
High
Unreviewed
CVE-2020-17509
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by...
Moderate
Unreviewed
CVE-2020-4896
was published
May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in...
Moderate
Unreviewed
CVE-2020-8287
was published
May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2...
Moderate
Unreviewed
CVE-2020-28361
was published
May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
Moderate
Unreviewed
CVE-2020-26129
was published
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API