Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

95 advisories

Loading
Parse Server before v3.4.1 vulnerable to Denial of Service High
CVE-2019-1020012 was published for parse-server (npm) Jun 13, 2019
Request smuggling is possible when both chunked TE and content length specified Low
CVE-2020-5207 was published for io.ktor:ktor-client-cio (Maven) Jan 27, 2020
Ability to switch channels via GET parameter enabled in production environments Low
CVE-2020-5218 was published for sylius/sylius (Composer) Jan 31, 2020
Undertow-core vulnerable to HTTP Request Smuggling Moderate
CVE-2017-2666 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
HTTP Request Smuggling in hyper Moderate
CVE-2021-21299 was published for hyper (Rust) Aug 25, 2021
ZeddYu
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021
HTTP Request Smuggling in waitress High
CVE-2022-24761 was published for waitress (pip) Mar 18, 2022
zeyu2001
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP High
CVE-2017-7561 was published for org.jboss.resteas:resteasy-jaxrs (Maven) May 13, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
Inconsistent Interpretation of HTTP Requests in twisted.web High
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 twm
exarkun
Quarkus does not terminate HTTP requests header context Critical
CVE-2022-2466 was published for io.quarkus:quarkus-core-parent (Maven) Sep 1, 2022
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2019-17569 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
Undertow vulnerable to Request Smuggling Moderate
CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) High
CVE-2017-7656 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Potential HTTP request smuggling in Apache Tomcat Moderate
CVE-2020-1935 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 28, 2020
HTTP Request Smuggling in Netty High
CVE-2020-7238 was published for io.netty:netty-handler (Maven) Feb 21, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) Critical
CVE-2020-7622 was published for io.jooby:jooby-netty (Maven) Apr 3, 2020
JLLeitschuh
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server Critical
CVE-2017-7657 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
HTTP request smuggling in Undertow Moderate
CVE-2021-20220 was published for io.undertow:undertow-core (Maven) Jun 16, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10719 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
ProTip! Advisories are also available from the GraphQL API