GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
11 advisories
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
Misinterpretation of malicious XML input
Moderate
CVE-2021-21366
was published
for
xmldom
(npm)
Mar 12, 2021
Improper header validation in httpsoft/http-message
Moderate
GHSA-9jxr-mwpp-w643
was published
for
httpsoft/http-message
(Composer)
Apr 21, 2023
Ethereum Contains Consensus Flaw During Block Processing
Moderate
CVE-2021-39137
was published
for
github.com/ethereum/go-ethereum
(Go)
Aug 30, 2021
Insecure header validation in slim/psr7
Moderate
CVE-2023-30536
was published
for
slim/psr7
(Composer)
Apr 18, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Improper header name validation in guzzlehttp/psr7
Moderate
CVE-2023-29197
was published
for
guzzlehttp/psr7
(Composer)
Apr 19, 2023
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Moderate
CVE-2024-24753
was published
for
bref/bref
(Composer)
Feb 1, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API