GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported...
Moderate
Unreviewed
CVE-2024-48867
was published
Dec 6, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-5193
was published
May 22, 2024
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4768
was published
Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4767
was published
Nov 3, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user...
Moderate
Unreviewed
CVE-2023-26148
was published
Sep 29, 2023
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when...
Moderate
Unreviewed
CVE-2023-26138
was published
Jul 6, 2023
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate
CVE-2022-31150
was published
for
undici
(npm)
Jul 21, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2020-3561
was published
May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79...
Moderate
Unreviewed
CVE-2018-6148
was published
May 24, 2022
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the ...
Moderate
Unreviewed
CVE-2019-10272
was published
May 24, 2022
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2...
Moderate
Unreviewed
CVE-2017-2111
was published
May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos...
Moderate
Unreviewed
CVE-2017-8791
was published
May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF...
Moderate
Unreviewed
CVE-2017-8788
was published
May 17, 2022
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote...
Moderate
Unreviewed
CVE-2017-5868
was published
May 17, 2022
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows...
Moderate
Unreviewed
CVE-2017-6508
was published
May 17, 2022
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband...
Moderate
Unreviewed
CVE-2014-9564
was published
May 17, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
Moderate
Unreviewed
CVE-2017-14037
was published
May 17, 2022
Improper Neutralization of CRLF Sequences in Wildfly Undertow
Moderate
CVE-2016-4993
was published
for
org.wildfly:wildfly-undertow
(Maven)
May 17, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4...
Moderate
Unreviewed
CVE-2014-2017
was published
May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a...
Moderate
Unreviewed
CVE-2015-9096
was published
May 14, 2022
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote...
Moderate
Unreviewed
CVE-2016-5331
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API