Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Next.js: HTTP request smuggling in rewrites Moderate
CVE-2026-29057 was published for next (npm) Mar 17, 2026
Undici has an HTTP Request/Response Smuggling issue Moderate
CVE-2026-1525 was published for undici (npm) Mar 13, 2026
mcollina Credited to mcollina and UlisesGascon UlisesGascon UlisesGascon
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security... Moderate Unreviewed
CVE-2026-20069 was published Mar 4, 2026
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by... Moderate Unreviewed
CVE-2026-26365 was published Feb 23, 2026
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc.... Moderate Unreviewed
CVE-2025-12811 was published Feb 19, 2026
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-55018 was published Feb 10, 2026
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed
CVE-2026-1801 was published Feb 3, 2026
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed
CVE-2026-1760 was published Feb 2, 2026
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed
CVE-2025-41082 was published Jan 26, 2026
Vert.x Web static handler component cache can be manipulated to deny the access to static files Moderate
CVE-2026-1002 was published for io.vertx:vertx-core (Maven) Jan 15, 2026
yeikel Credited to yeikel
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-12874 was published Dec 19, 2025
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed
CVE-2023-53878 was published Dec 15, 2025
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing... Moderate Unreviewed
CVE-2025-66373 was published Dec 4, 2025
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This... Moderate Unreviewed
CVE-2025-12642 was published Nov 3, 2025
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass Moderate
GHSA-q7jf-gf43-6x6p was published for hono (npm) Oct 24, 2025
gigatechcode Credited to gigatechcode
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled... Moderate Unreviewed
CVE-2025-11915 was published Oct 22, 2025
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section Moderate
CVE-2025-59822 was published for org.http4s:http4s-ember-core_2.12 (Maven) Sep 23, 2025
sebastianosrt Credited to sebastianosrt, samspills, and rossabaker samspills samspills
rossabaker rossabaker
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard... Moderate Unreviewed
CVE-2025-6999 was published Sep 16, 2025
Eventlet affected by HTTP request smuggling in unparsed trailers Moderate
CVE-2025-58068 was published for eventlet (pip) Aug 29, 2025
sebastianosrt Credited to sebastianosrt
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an... Moderate Unreviewed
CVE-2025-54142 was published Aug 29, 2025
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency Moderate
GHSA-63cx-g855-hvv4 was published for mitmproxy (pip) Aug 25, 2025
sebastianosrt Credited to sebastianosrt and mhils mhils mhils
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26.... Moderate Unreviewed
CVE-2025-32094 was published Aug 7, 2025
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Moderate
CVE-2025-6442 was published for webrick (RubyGems) Jun 26, 2025
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed
CVE-2025-23167 was published May 19, 2025
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed
CVE-2025-47905 was published May 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database