Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

30 advisories

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security... Moderate Unreviewed
CVE-2024-20293 was published May 22, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2023-39481 was published May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents... Moderate Unreviewed
CVE-2024-3386 was published Apr 10, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to... Moderate Unreviewed
CVE-2023-50327 was published Feb 2, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell akrabat
williamdes
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the... Moderate Unreviewed
CVE-2023-22998 was published Feb 28, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2022-42472 was published Feb 16, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,... Moderate Unreviewed
CVE-2022-38115 was published Nov 23, 2022
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558... Moderate Unreviewed
CVE-2021-41437 was published Sep 27, 2022
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS... Moderate Unreviewed
CVE-2022-34009 was published Jul 29, 2022
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2020-3564 was published May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP... Moderate Unreviewed
CVE-2019-19089 was published May 24, 2022
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted... Moderate Unreviewed
CVE-2020-9362 was published May 24, 2022
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP... Moderate Unreviewed
CVE-2020-9363 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API