Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
CVE-2024-9666 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 Moderate
CVE-2024-9622 was published for org.jboss.resteasy:resteasy-netty4-cdi (Maven) Oct 8, 2024
Apache Tomcat Improper Input Validation vulnerability High
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
biehl1
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Undertow Request Smuggling vulnerability High
CVE-2017-12165 was published for io.undertow:undertow-core (Maven) May 13, 2022
r3kumar
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection Critical
CVE-2020-7611 was published for io.micronaut:micronaut-http-client (Maven) Mar 30, 2020
JLLeitschuh
Possible request smuggling in HTTP/2 due missing validation of content-length Moderate
CVE-2021-21409 was published for io.netty:netty (Maven) Mar 30, 2021
westonsteimel
HTTP request smuggling in netty Moderate
CVE-2021-43797 was published for io.netty:netty (Maven) Dec 9, 2021
purninavi westonsteimel
Possible request smuggling in HTTP/2 due missing validation Moderate
CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021
artgon carl-mastrangelo
westonsteimel
HTTP Request Smuggling in Netty Moderate
CVE-2019-20445 was published for io.netty:netty (Maven) Feb 21, 2020
westonsteimel
HTTP Request Smuggling in Netty Critical
CVE-2019-20444 was published for io.netty:netty (Maven) Feb 21, 2020
KateCatlin westonsteimel
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) Critical
CVE-2017-7658 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
HTTP Request Smuggling in akka-http-core Moderate
CVE-2021-23339 was published for com.typesafe.akka:akka-http-core (Maven) May 10, 2021
oliverchang
Code injection in Apache Dubbo Critical
CVE-2021-30180 was published for org.apache.dubbo:dubbo (Maven) Mar 18, 2022
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10687 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
HTTP Request Smuggling in Undertow Moderate
CVE-2020-10719 was published for io.undertow:undertow-core (Maven) Apr 30, 2021
HTTP request smuggling in Undertow Moderate
CVE-2021-20220 was published for io.undertow:undertow-core (Maven) Jun 16, 2021
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server Critical
CVE-2017-7657 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) Critical
CVE-2020-7622 was published for io.jooby:jooby-netty (Maven) Apr 3, 2020
JLLeitschuh
HTTP Request Smuggling in Netty High
CVE-2020-7238 was published for io.netty:netty-handler (Maven) Feb 21, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database