Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes High
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the... High Unreviewed
CVE-2024-36459 was published Jun 14, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5193 was published May 22, 2024
The software does not neutralize or incorrectly neutralizes certain characters before the data is... High Unreviewed
CVE-2024-1226 was published Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an... High Unreviewed
CVE-2024-20337 was published Mar 6, 2024
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user... Moderate Unreviewed
CVE-2023-26148 was published Sep 29, 2023
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when... Moderate Unreviewed
CVE-2023-26138 was published Jul 6, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when... High Unreviewed
CVE-2023-26130 was published May 30, 2023
dio vulnerable to CRLF injection with HTTP method string High
CVE-2021-31402 was published for dio (Pub) Mar 21, 2023
licy183 AlexV525
set0x thomas-chauchefoin-sonarsource
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
undici before v5.8.0 vulnerable to CRLF injection in request headers Moderate
CVE-2022-31150 was published for undici (npm) Jul 21, 2022
Haxatron
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3561 was published May 24, 2022
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). High Unreviewed
CVE-2016-10803 was published May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79... Moderate Unreviewed
CVE-2018-6148 was published May 24, 2022
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11... High Unreviewed
CVE-2018-19585 was published May 24, 2022
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the ... Moderate Unreviewed
CVE-2019-10272 was published May 24, 2022
bottle.py vulnerable to CRLF Injection Moderate
CVE-2016-9964 was published for bottle (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database