GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,694
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-5193
was published
May 22, 2024
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the ...
Moderate
Unreviewed
CVE-2019-10272
was published
May 24, 2022
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user...
Moderate
Unreviewed
CVE-2023-26148
was published
Sep 29, 2023
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when...
Moderate
Unreviewed
CVE-2023-26138
was published
Jul 6, 2023
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
High
Unreviewed
CVE-2016-10803
was published
May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79...
Moderate
Unreviewed
CVE-2018-6148
was published
May 24, 2022
The software does not neutralize or incorrectly neutralizes certain characters before the data is...
High
Unreviewed
CVE-2024-1226
was published
Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an...
High
Unreviewed
CVE-2024-20337
was published
Mar 6, 2024
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4767
was published
Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4768
was published
Nov 3, 2023
Improper Neutralization of CRLF Sequences in urllib3 library for Python
Moderate
CVE-2019-11236
was published
for
urllib3
(pip)
May 13, 2022
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
dio vulnerable to CRLF injection with HTTP method string
High
CVE-2021-31402
was published
for
dio
(Pub)
Mar 21, 2023
Joomla! vulnerable to CRLF injection
Moderate
CVE-2007-4190
was published
for
joomla/application
(Composer)
May 1, 2022
Mail Gem CRLF Injection vulnerability
Moderate
CVE-2015-9097
was published
for
mail
(RubyGems)
Oct 24, 2017
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2020-3561
was published
May 24, 2022
Kallithea CRLF injection vulnerability
Moderate
CVE-2015-5285
was published
for
kallithea
(pip)
May 13, 2022
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
Headers containing newline characters can split messages in hyper
Moderate
CVE-2017-18587
was published
for
hyper
(Rust)
Aug 25, 2021
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
ProTip!
Advisories are also available from the
GraphQL API