Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery Moderate
CVE-2026-30227 was published for MimeKit (NuGet) Mar 5, 2026
KC1zs4 Credited to KC1zs4
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
omarkurt Credited to omarkurt
Incus container environment configuration newline injection High
CVE-2026-23953 was published for github.com/lxc/incus/v6 (Go) Jan 22, 2026
rmcnamara-snyk Credited to rmcnamara-snyk
Mailpit has an SMTP Header Injection via Regex Bypass Moderate
CVE-2026-23829 was published for github.com/axllent/mailpit (Go) Jan 20, 2026
omarkurt Credited to omarkurt
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju Credited to tr4ce-ju
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler High
CVE-2026-22777 was published for comfy-cli (pip) Jan 13, 2026
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder Moderate
CVE-2025-67735 was published for io.netty:netty-codec-http (Maven) Dec 15, 2025
vietj Credited to vietj and nakyamad nakyamad nakyamad
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures Credited to DepthFirstDisclosures
Keycloak SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2025
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt Credited to sebastianosrt and mhils mhils mhils
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability Moderate
GHSA-qj5r-2r5p-phc7 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025 withdrawn
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee Credited to Masamuneee, ioquatix, and jeremyevans ioquatix ioquatix
jeremyevans jeremyevans
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl jeremyevans jeremyevans
ioquatix ioquatix taketo1113 taketo1113 nick-f nick-f vladimir-mencl-eresearch vladimir-mencl-eresearch lostapathy lostapathy matthewbjones matthewbjones lfittl lfittl
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml Credited to sofiaml and glennawatson glennawatson glennawatson
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Credited to sofiaml and Static-Flow Static-Flow Static-Flow
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum Credited to sha0sum, mschwager, and ahpaleus mschwager mschwager
ahpaleus ahpaleus
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera Credited to dellalibera
dio vulnerable to CRLF injection with HTTP method string High
CVE-2021-31402 was published for dio (Pub) Mar 21, 2023
licy183 Credited to licy183, AlexV525, set0x, and thomas-chauchefoin-sonarsource AlexV525 AlexV525
set0x set0x thomas-chauchefoin-sonarsource thomas-chauchefoin-sonarsource
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k Credited to happyhacking-k
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron Credited to Haxatron
undici before v5.8.0 vulnerable to CRLF injection in request headers Moderate
CVE-2022-31150 was published for undici (npm) Jul 21, 2022
Haxatron Credited to Haxatron
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525 Credited to AlexV525
bottle.py vulnerable to CRLF Injection High
CVE-2016-9964 was published for bottle (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database