GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
70 advisories
Undici has CRLF Injection in undici via `upgrade` option
Moderate
CVE-2026-1527
was published
for
undici
(npm)
Mar 13, 2026
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Moderate
CVE-2026-30227
was published
for
MimeKit
(NuGet)
Mar 5, 2026
Gakido vulnerable to HTTP Header Injection (CRLF Injection)
Moderate
CVE-2026-24489
was published
for
gakido
(pip)
Jan 26, 2026
Mailpit has an SMTP Header Injection via Regex Bypass
Moderate
CVE-2026-23829
was published
for
github.com/axllent/mailpit
(Go)
Jan 20, 2026
BlackSheep's ClientSession is vulnerable to CRLF injection
Moderate
CVE-2026-22779
was published
for
blacksheep
(pip)
Jan 14, 2026
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Moderate
CVE-2025-67735
was published
for
io.netty:netty-codec-http
(Maven)
Dec 15, 2025
h2 allows HTTP Request Smuggling due to illegal characters in headers
Moderate
CVE-2025-57804
was published
for
h2
(pip)
Aug 25, 2025
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Moderate
CVE-2025-27111
was published
for
rack
(RubyGems)
Mar 4, 2025
ProTip!
Advisories are also available from the
GraphQL API