Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

44 advisories

Loading
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of... Moderate Unreviewed
CVE-2021-21966 was published Feb 17, 2022
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift... Moderate Unreviewed
CVE-2022-0552 was published Apr 12, 2022
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application... Moderate Unreviewed
CVE-2005-2089 was published May 1, 2022
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy,... Moderate Unreviewed
CVE-2005-2088 was published May 1, 2022
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used... Moderate Unreviewed
CVE-2006-6276 was published May 1, 2022
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious... Moderate Unreviewed
CVE-2018-8004 was published May 14, 2022
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk... Moderate Unreviewed
CVE-2018-7068 was published May 14, 2022
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a... Moderate Unreviewed
CVE-2019-0197 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco... Moderate Unreviewed
CVE-2019-15272 was published May 24, 2022
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as... Moderate Unreviewed
CVE-2019-20372 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Moderate Unreviewed
CVE-2020-10111 was published May 24, 2022
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Moderate Unreviewed
CVE-2020-10112 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module... Moderate Unreviewed
CVE-2020-11993 was published May 24, 2022
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest'... Moderate Unreviewed
CVE-2020-9490 was published May 24, 2022
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Moderate Unreviewed
CVE-2020-26129 was published May 24, 2022
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2... Moderate Unreviewed
CVE-2020-28361 was published May 24, 2022
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in... Moderate Unreviewed
CVE-2020-8287 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by... Moderate Unreviewed
CVE-2020-4896 was published May 24, 2022
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to... Moderate Unreviewed
CVE-2021-21445 was published May 24, 2022
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called... Moderate Unreviewed
CVE-2020-28476 was published May 24, 2022
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. Moderate Unreviewed
CVE-2021-25762 was published May 24, 2022
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not... Moderate Unreviewed
CVE-2019-17567 was published May 24, 2022
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a... Moderate Unreviewed
CVE-2021-36740 was published May 24, 2022
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT,... Moderate Unreviewed
CVE-2021-33683 was published May 24, 2022
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')... Moderate Unreviewed
CVE-2021-32598 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database