Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header... High Unreviewed
CVE-2026-40562 was published May 6, 2026
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection Moderate
CVE-2026-41417 was published for io.netty:netty-codec-http (Maven) May 5, 2026
oxqnd Credited to oxqnd, aest3ra, and mjkim610 aest3ra aest3ra
mjkim610 mjkim610
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header... Moderate Unreviewed
CVE-2026-40561 was published May 3, 2026
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header... High Unreviewed
CVE-2026-40560 was published Apr 29, 2026
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request... Critical Unreviewed
CVE-2026-41873 was published Apr 28, 2026
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The... Low Unreviewed
CVE-2026-2708 was published Apr 24, 2026
actix-http has HTTP/1.1 CL.TE Request Smuggling Moderate
GHSA-xhj4-vrgc-hr34 was published for actix-http (Rust) Apr 22, 2026
mufeedvh Credited to mufeedvh
HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling... Low Unreviewed
CVE-2025-31958 was published Apr 21, 2026
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Moderate
CVE-2026-40175 was published for axios (npm) Apr 10, 2026
raulvdv Credited to raulvdv, SwTan98, Wenxin-Jiang, and jasonsaayman SwTan98 SwTan98
Wenxin-Jiang Wenxin-Jiang jasonsaayman jasonsaayman
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability High
CVE-2026-24880 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
tkwilli94 Credited to tkwilli94
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-2332 was published for org.eclipse.jetty:jetty-http (Maven) Apr 14, 2026
xclow3n Credited to xclow3n
h3 v1 has Request Smuggling (TE.TE) issue High
CVE-2026-23527 was published for h3 (npm) Jan 15, 2026
simonkoeck Credited to simonkoeck
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case... High Unreviewed
CVE-2026-31842 was published Apr 7, 2026
Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue... High Unreviewed
CVE-2025-65114 was published Apr 2, 2026
AIOHTTP accepts duplicate Host headers Moderate
CVE-2026-34525 was published for aiohttp (pip) Apr 1, 2026
5yu4n Credited to 5yu4n, rodrigobnogueira, and bdraco rodrigobnogueira rodrigobnogueira
bdraco bdraco
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container... Moderate Unreviewed
CVE-2026-1491 was published Apr 1, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container... Moderate Unreviewed
CVE-2026-2862 was published Apr 1, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28369 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28368 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026
Undertow is Vulnerable to HTTP Request/Response Smuggling High
CVE-2026-28367 was published for io.undertow:undertow-parent (Maven) Mar 27, 2026
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-33870 was published for io.netty:netty-codec-http (Maven) Mar 26, 2026
xclow3n Credited to xclow3n
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Low Unreviewed
CVE-2026-4742 was published Mar 24, 2026
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed
CVE-2026-1760 was published Feb 2, 2026
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns... High Unreviewed
CVE-2025-14523 was published Dec 11, 2025
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed
CVE-2026-1801 was published Feb 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database