Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt mhils
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
Improper Neutralization of CRLF Sequences in urllib3 library for Python Moderate
CVE-2019-11236 was published for urllib3 (pip) May 13, 2022
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
CRLF injection in httplib2 Moderate
CVE-2020-11078 was published for httplib2 (pip) May 20, 2020
Ciyfly
Buildbot CRLF Injection Moderate
CVE-2019-7313 was published for buildbot (pip) May 14, 2022
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
Mail Gem CRLF Injection vulnerability Moderate
CVE-2015-9097 was published for mail (RubyGems) Oct 24, 2017
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
phpservermon is vulnerable to CRLF Injection Moderate
CVE-2021-4097 was published for phpservermon/phpservermon (Composer) Dec 16, 2021
Improper Neutralization of CRLF Sequences in Wildfly Undertow Moderate
CVE-2016-4993 was published for org.wildfly:wildfly-undertow (Maven) May 17, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers Moderate
CVE-2022-31150 was published for undici (npm) Jul 21, 2022
Haxatron
Moderate severity vulnerability that affects io.vertx:vertx-core Moderate
CVE-2018-12537 was published for io.vertx:vertx-core (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database