GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the...
High
Unreviewed
CVE-2024-36459
was published
Jun 14, 2024
The software does not neutralize or incorrectly neutralizes certain characters before the data is...
High
Unreviewed
CVE-2024-1226
was published
Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an...
High
Unreviewed
CVE-2024-20337
was published
Mar 6, 2024
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
dio vulnerable to CRLF injection with HTTP method string
High
CVE-2021-31402
was published
for
dio
(Pub)
Mar 21, 2023
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
High
Unreviewed
CVE-2016-10803
was published
May 24, 2022
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11...
High
Unreviewed
CVE-2018-19585
was published
May 24, 2022
bottle.py vulnerable to CRLF Injection
High
CVE-2016-9964
was published
for
bottle
(pip)
May 17, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed...
High
Unreviewed
CVE-2017-15400
was published
May 14, 2022
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
High
Unreviewed
CVE-2019-10678
was published
May 14, 2022
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote...
High
Unreviewed
CVE-2018-12477
was published
May 13, 2022
Kallithea CRLF injection vulnerability
High
CVE-2015-5285
was published
for
kallithea
(pip)
May 13, 2022
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject...
High
Unreviewed
CVE-2007-0892
was published
May 1, 2022
CRLF Injection in microweber
High
CVE-2022-0666
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
High
CVE-2018-1000164
was published
for
gunicorn
(pip)
Jul 12, 2018
ProTip!
Advisories are also available from the
GraphQL API