GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
306 advisories
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
Moderate
CVE-2026-41417
was published
for
io.netty:netty-codec-http
(Maven)
May 5, 2026
actix-http has HTTP/1.1 CL.TE Request Smuggling
Moderate
GHSA-xhj4-vrgc-hr34
was published
for
actix-http
(Rust)
Apr 22, 2026
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-2332
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Apr 14, 2026
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Moderate
CVE-2026-40175
was published
for
axios
(npm)
Apr 10, 2026
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
High
CVE-2026-24880
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 9, 2026
AIOHTTP accepts duplicate Host headers
Moderate
CVE-2026-34525
was published
for
aiohttp
(pip)
Apr 1, 2026
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-33870
was published
for
io.netty:netty-codec-http
(Maven)
Mar 26, 2026
Undici has an HTTP Request/Response Smuggling issue
Moderate
CVE-2026-1525
was published
for
undici
(npm)
Mar 13, 2026
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Critical
CVE-2026-2835
was published
for
pingora-core
(Rust)
Mar 5, 2026
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade
Critical
CVE-2026-2833
was published
for
pingora-core
(Rust)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API