Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

15 advisories

The software does not neutralize or incorrectly neutralizes certain characters before the data is... High Unreviewed
CVE-2024-1226 was published Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an... High Unreviewed
CVE-2024-20337 was published Mar 6, 2024
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when... High Unreviewed
CVE-2023-26130 was published May 30, 2023
dio vulnerable to CRLF injection with HTTP method string High
CVE-2021-31402 was published for dio (Pub) Mar 21, 2023
licy183 AlexV525
set0x thomas-chauchefoin-sonarsource
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). High Unreviewed
CVE-2016-10803 was published May 24, 2022
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11... High Unreviewed
CVE-2018-19585 was published May 24, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed... High Unreviewed
CVE-2017-15400 was published May 14, 2022
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. High Unreviewed
CVE-2019-10678 was published May 14, 2022
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote... High Unreviewed
CVE-2018-12477 was published May 13, 2022
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject... High Unreviewed
CVE-2007-0892 was published May 1, 2022
CRLF Injection in microweber High
CVE-2022-0666 was published for microweber/microweber (Composer) Feb 19, 2022
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API