GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,755
Composer 4,856
Erlang 36
GitHub Actions 36
Go 2,488
Maven 5,911
npm 4,104
NuGet 735
pip 3,923
Pub 12
RubyGems 945
Rust 1,017
Swift 39

Unreviewed advisories

All unreviewed 268,374

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

138 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an... Moderate Unreviewed

CVE-2025-54142 was published Aug 29, 2025

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26.... Moderate Unreviewed

CVE-2025-32094 was published Aug 7, 2025

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture... High Unreviewed

CVE-2024-8912 was published Oct 11, 2024

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow... Moderate Unreviewed

CVE-2025-47905 was published May 14, 2025

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX`... Moderate Unreviewed

CVE-2025-23167 was published May 19, 2025

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed

CVE-2024-56523 was published May 12, 2025

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... High Unreviewed

CVE-2022-26377 was published Jun 10, 2022

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed

CVE-2020-11993 was published May 24, 2022

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request... High Unreviewed

CVE-2022-45059 was published Nov 9, 2022

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct... High Unreviewed

CVE-2024-33452 was published Apr 22, 2025

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS... High Unreviewed

CVE-2017-15643 was published May 17, 2022

The team has identified a critical vulnerability in the http server of the most recent version of... Moderate Unreviewed

CVE-2024-27982 was published May 7, 2024

Apache Traffic Server allows request smuggling if chunked messages are malformed. This... High Unreviewed

CVE-2024-53868 was published Apr 3, 2025

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via... Moderate Unreviewed

CVE-2025-30346 was published Mar 21, 2025

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack... Moderate Unreviewed

CVE-2022-39163 was published Mar 26, 2025

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed

CVE-2024-27185 was published Aug 20, 2024

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are... Critical Unreviewed

CVE-2023-25725 was published Feb 14, 2023

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers... High Unreviewed

CVE-2024-10264 was published Mar 20, 2025

In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the... Moderate Unreviewed

CVE-2024-56908 was published Feb 14, 2025

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible Moderate Unreviewed

CVE-2025-29904 was published Mar 12, 2025

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Critical Unreviewed

CVE-2025-1867 was published Mar 3, 2025

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to... Moderate Unreviewed

CVE-2023-51219 was published Jun 3, 2024

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows... High Unreviewed

CVE-2024-23452 was published Feb 8, 2024

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services... Moderate Unreviewed

CVE-2024-21281 was published Oct 15, 2024

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access... Moderate Unreviewed

CVE-2025-0752 was published Jan 28, 2025

Previous1…6 Next

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

138 advisories