Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,124
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,434
Pub
12
RubyGems
988
Rust
1,172
Swift
50
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery Moderate
CVE-2026-30227 was published for MimeKit (NuGet) Mar 5, 2026
KC1zs4 Credited to KC1zs4
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation... Moderate Unreviewed
CVE-2026-28296 was published Feb 26, 2026
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution... High Unreviewed
CVE-2026-1714 was published Feb 18, 2026
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition... Moderate Unreviewed
CVE-2026-1536 was published Jan 28, 2026
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage... Moderate Unreviewed
CVE-2026-1467 was published Jan 27, 2026
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
omarkurt Credited to omarkurt
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for... Moderate Unreviewed
CVE-2026-1299 was published Jan 23, 2026
Incus container environment configuration newline injection High
CVE-2026-23953 was published for github.com/lxc/incus/v6 (Go) Jan 22, 2026
rmcnamara-snyk Credited to rmcnamara-snyk
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting... Moderate Unreviewed
CVE-2026-0672 was published Jan 21, 2026
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through... Moderate Unreviewed
CVE-2025-15282 was published Jan 21, 2026
When folding a long comment in an email header containing exclusively unfoldable characters, the... Moderate Unreviewed
CVE-2025-11468 was published Jan 21, 2026
Mailpit has an SMTP Header Injection via Regex Bypass Moderate
CVE-2026-23829 was published for github.com/axllent/mailpit (Go) Jan 20, 2026
omarkurt Credited to omarkurt
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju Credited to tr4ce-ju
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler High
CVE-2026-22777 was published for comfy-cli (pip) Jan 13, 2026
A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query... Moderate Unreviewed
CVE-2022-50682 was published Dec 18, 2025
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Moderate
CVE-2025-67735 was published for io.netty:netty-codec-http (Maven) Dec 15, 2025
vietj Credited to vietj and nakyamad nakyamad nakyamad
An improper neutralization of crlf sequences ('crlf injection') in Fortinet FortiMail 7.6.0... Moderate Unreviewed
CVE-2025-54972 was published Nov 18, 2025
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the... Moderate Unreviewed
CVE-2025-56007 was published Oct 23, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures Credited to DepthFirstDisclosures
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute... High Unreviewed
CVE-2025-28357 was published Oct 1, 2025
Keycloak SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2025
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt Credited to sebastianosrt and mhils mhils mhils
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server... High Unreviewed
CVE-2025-8715 was published Aug 14, 2025
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability Moderate
GHSA-qj5r-2r5p-phc7 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025 withdrawn
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... High Unreviewed
CVE-2025-41376 was published Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database