Overview · yhirose/cpp-httplib · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash
GHSA-hg3g-vrg8-578g published May 16, 2026 by yhirose

High
HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection
GHSA-xjxg-64p4-vj4m published May 12, 2026 by yhirose

High
DoS: Negative chunk-size in chunked Transfer-Encoding
GHSA-h6wq-j5mv-f3q8 published May 12, 2026 by yhirose

Moderate
HTTP Request Smuggling via Unconsumed GET Request Body
GHSA-jv63-rm9j-6jwc published Mar 31, 2026 by yhirose

Moderate
cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect
GHSA-6hrp-7fq9-3qv2 published Mar 25, 2026 by yhirose

High
Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
GHSA-c3h8-fqq4-xm4g published Mar 13, 2026 by yhirose

High
Remote Process Crash via Malformed Content-Length Response Header
GHSA-39q5-hh6x-jpxx published Mar 10, 2026 by yhirose

High
Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing
GHSA-qq6v-r583-3h69 published Mar 6, 2026 by yhirose

Moderate
Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header
GHSA-8mpw-r4gc-xm7q published Mar 2, 2026 by yhirose

Moderate
Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib
GHSA-xvfx-w463-6fpp published Mar 2, 2026 by yhirose

High

Learn more about advisories related to yhirose/cpp-httplib in the GitHub Advisory Database