GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2019-17569
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
Undertow vulnerable to Request Smuggling
Moderate
CVE-2017-7559
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Potential HTTP request smuggling in Apache Tomcat
Moderate
CVE-2020-1935
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Feb 28, 2020
HTTP request smuggling in Undertow
Moderate
CVE-2021-20220
was published
for
io.undertow:undertow-core
(Maven)
Jun 16, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10719
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in Undertow
Moderate
CVE-2020-10687
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
HTTP Request Smuggling in akka-http-core
Moderate
CVE-2021-23339
was published
for
com.typesafe.akka:akka-http-core
(Maven)
May 10, 2021
HTTP Request Smuggling in Netty
Moderate
CVE-2019-20445
was published
for
io.netty:netty
(Maven)
Feb 21, 2020
Possible request smuggling in HTTP/2 due missing validation
Moderate
CVE-2021-21295
was published
for
io.netty:netty
(Maven)
Mar 9, 2021
HTTP request smuggling in netty
Moderate
CVE-2021-43797
was published
for
io.netty:netty
(Maven)
Dec 9, 2021
Possible request smuggling in HTTP/2 due missing validation of content-length
Moderate
CVE-2021-21409
was published
for
io.netty:netty
(Maven)
Mar 30, 2021
HTTP Request Smuggling in Apache Tomcat
Moderate
CVE-2021-33037
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
GHSA-pcx7-8hxg-j823
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API