Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate
GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023
kenballus
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code... Critical Unreviewed
CVE-2023-48365 was published Nov 16, 2023
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection Moderate
CVE-2023-46121 was published for yt-dlp (pip) Nov 15, 2023
coletdjnz
AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate
CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023
kenballus
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks Low
CVE-2023-47641 was published for aiohttp (pip) Nov 14, 2023
chinchila
twisted.web has disordered HTTP pipeline response Moderate
CVE-2023-46137 was published for twisted (pip) Oct 25, 2023
mukeran
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent... Moderate Unreviewed
CVE-2023-30910 was published Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions... Critical Unreviewed
CVE-2023-41265 was published Aug 30, 2023
Puma HTTP Request/Response Smuggling vulnerability Critical
CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023
kenballus
Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths Moderate
GHSA-qppv-j76h-2rpx was published for tornado (pip) Aug 14, 2023
kenballus
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and... High Unreviewed
CVE-2023-40225 was published Aug 10, 2023
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This... Critical Unreviewed
CVE-2023-33934 was published Aug 9, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2023-34037 was published Aug 4, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
mukeran chenjj
ioquatix
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser Moderate
CVE-2023-37276 was published for aiohttp (pip) Jul 20, 2023
sethmlarson
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP... Critical Unreviewed
CVE-2023-33987 was published Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header Critical
GHSA-mgc4-wqv7-4pxm was published for github.com/apple/swift-nio (Swift) May 18, 2023
LavaLite vulnerable to web cache poisoning Critical
CVE-2023-27238 was published for lavalite/cms (Composer) May 12, 2023
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows... High Unreviewed
CVE-2023-25950 was published Apr 11, 2023
X-Forwarded-For header allows brute-forcing autoblocked IP addresses Critical
CVE-2023-29141 was published for mediawiki/core (Composer) Mar 31, 2023
Rudloff
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling High
CVE-2023-27522 was published for uWSGI (pip) Mar 7, 2023
joshbressers
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP... Critical Unreviewed
CVE-2023-25690 was published Mar 7, 2023
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are... Critical Unreviewed
CVE-2023-25725 was published Feb 14, 2023
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync... High Unreviewed
CVE-2023-23691 was published Jan 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database