GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
298 advisories
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Critical
CVE-2026-40175
was published
for
axios
(npm)
Apr 10, 2026
AIOHTTP accepts duplicate Host headers
Moderate
CVE-2026-34525
was published
for
aiohttp
(pip)
Apr 1, 2026
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
High
CVE-2026-33870
was published
for
io.netty:netty-codec-http
(Maven)
Mar 26, 2026
Undici has an HTTP Request/Response Smuggling issue
Moderate
CVE-2026-1525
was published
for
undici
(npm)
Mar 13, 2026
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Critical
CVE-2026-2835
was published
for
pingora-core
(Rust)
Mar 5, 2026
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade
Critical
CVE-2026-2833
was published
for
pingora-core
(Rust)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API