GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,742
Composer 4,029
Erlang 29
GitHub Actions 16
Go 1,832
Maven 5,050
npm 3,573
NuGet 632
pip 3,159
Pub 10
RubyGems 847
Rust 797
Swift 34

Unreviewed advisories

All unreviewed 224,761

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

6 advisories

Filter by severity

Sort by

Least recently updated

twisted.web has disordered HTTP pipeline response High

CVE-2024-41671 was published for twisted (pip) Jul 29, 2024

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate

GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024

aiohttp has vulnerable dependency that is vulnerable to request smuggling Moderate

GHSA-pjjw-qhg8-p2p9 was published for aiohttp (pip) Nov 27, 2023

AIOHTTP has problems in HTTP parser (the python one, not llhttp) Moderate

CVE-2023-47627 was published for aiohttp (pip) Nov 14, 2023

Puma HTTP Request/Response Smuggling vulnerability Critical

CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023

Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths Moderate

GHSA-qppv-j76h-2rpx was published for tornado (pip) Aug 14, 2023

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

6 advisories