GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can...
Moderate
Unreviewed
CVE-2024-24795
was published
Apr 4, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate
Unreviewed
CVE-2023-0508
was published
Jun 7, 2023
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical
Unreviewed
CVE-2024-40324
was published
Jul 25, 2024
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email...
Moderate
Unreviewed
CVE-2024-20392
was published
May 15, 2024
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate
CVE-2016-3166
was published
for
drupal/core
(Composer)
May 17, 2022
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26147
was published
Sep 29, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper...
Moderate
Unreviewed
CVE-2023-34472
was published
Jul 5, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user...
Moderate
Unreviewed
CVE-2023-26142
was published
Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1...
Moderate
Unreviewed
CVE-2023-41834
was published
Sep 19, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions...
High
Unreviewed
CVE-2023-32708
was published
Jul 6, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26137
was published
Jul 6, 2023
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data...
Moderate
Unreviewed
CVE-2018-18837
was published
May 24, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Moderate
CVE-2014-0099
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager...
Moderate
Unreviewed
CVE-2022-20772
was published
Nov 4, 2022
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
phpMyAdmin HTTP Response Splitting Vulnerability
High
CVE-2009-1149
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 2, 2022
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
Header injection in TurboGears
Critical
CVE-2019-25101
was published
for
TurboGears
(pip)
Feb 4, 2023
ProTip!
Advisories are also available from the
GraphQL API