Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

291 advisories

Loading
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line... High Unreviewed
CVE-2026-28369 was published Mar 27, 2026
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially... High Unreviewed
CVE-2026-28368 was published Mar 27, 2026
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r... High Unreviewed
CVE-2026-28367 was published Mar 27, 2026
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-33870 was published for io.netty:netty-codec-http (Maven) Mar 26, 2026
xclow3n Credited to xclow3n
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Low Unreviewed
CVE-2026-4742 was published Mar 24, 2026
Next.js: HTTP request smuggling in rewrites Moderate
CVE-2026-29057 was published for next (npm) Mar 17, 2026
Undici has an HTTP Request/Response Smuggling issue Moderate
CVE-2026-1525 was published for undici (npm) Mar 13, 2026
mcollina Credited to mcollina and UlisesGascon UlisesGascon UlisesGascon
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing Critical
CVE-2026-2835 was published for pingora-core (Rust) Mar 5, 2026
xclow3n Credited to xclow3n
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade Critical
CVE-2026-2833 was published for pingora-core (Rust) Mar 5, 2026
xclow3n Credited to xclow3n
Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade Critical
GHSA-f9v3-j2m7-4hpg was published for pingora-core (Rust) Mar 5, 2026 withdrawn
Duplicate Advisory: HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing Critical
GHSA-262p-vjx5-45xh was published for pingora-core (Rust) Mar 5, 2026 withdrawn
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security... Moderate Unreviewed
CVE-2026-20069 was published Mar 4, 2026
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by... Moderate Unreviewed
CVE-2026-26365 was published Feb 23, 2026
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc.... Moderate Unreviewed
CVE-2025-12811 was published Feb 19, 2026
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-55018 was published Feb 10, 2026
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling... Moderate Unreviewed
CVE-2026-1801 was published Feb 3, 2026
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because... Moderate Unreviewed
CVE-2026-1760 was published Feb 2, 2026
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by... Moderate Unreviewed
CVE-2025-41082 was published Jan 26, 2026
Vert.x Web static handler component cache can be manipulated to deny the access to static files Moderate
CVE-2026-1002 was published for io.vertx:vertx-core (Maven) Jan 15, 2026
yeikel Credited to yeikel
h3 v1 has Request Smuggling (TE.TE) issue High
CVE-2026-23527 was published for h3 (npm) Jan 15, 2026
simonkoeck Credited to simonkoeck
AIOHTTP has unicode match groups in regexes for ASCII protocol elements Low
CVE-2025-69225 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma Credited to ThomasRinsma and Dreamsorcerer Dreamsorcerer Dreamsorcerer
AIOHTTP's unicode processing of header values could cause parsing discrepancies Low
CVE-2025-69224 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma Credited to ThomasRinsma and Dreamsorcerer Dreamsorcerer Dreamsorcerer
flagd: Multiple Go Runtime CVEs Impact Security and Availability High
GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026
pramod-ahire Credited to pramod-ahire
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in... Moderate Unreviewed
CVE-2025-12874 was published Dec 19, 2025
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows... Moderate Unreviewed
CVE-2023-53878 was published Dec 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database