Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin High
CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed
CVE-2024-20392 was published May 15, 2024
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
Drupal CRLF injection vulnerability in the drupal_set_header function Moderate
CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26147 was published Sep 29, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper... Moderate Unreviewed
CVE-2023-34472 was published Jul 5, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data... Moderate Unreviewed
CVE-2018-18837 was published May 24, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat Moderate
CVE-2014-0099 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager... Moderate Unreviewed
CVE-2022-20772 was published Nov 4, 2022
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is... Moderate Unreviewed
CVE-2020-10753 was published May 24, 2022
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
ProTip! Advisories are also available from the GraphQL API