GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,615
Composer 5,561
Erlang 49
GitHub Actions 49
Go 3,436
Maven 6,374
npm 5,656
NuGet 883
pip 4,694
Pub 13
RubyGems 1,029
Rust 1,212
Swift 53

Unreviewed advisories

All unreviewed 296,990

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

66 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2026-2442 was published Mar 28, 2026

A vulnerability in the web-based Cisco IOx application hosting environment management interface... Moderate Unreviewed

CVE-2026-20113 was published Mar 25, 2026

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to... Moderate Unreviewed

CVE-2026-28753 was published Mar 24, 2026

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the ... Low Unreviewed

CVE-2026-3633 was published Mar 17, 2026

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type... Low Unreviewed

CVE-2026-3634 was published Mar 17, 2026

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF)... Moderate Unreviewed

CVE-2026-3234 was published Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18... Moderate Unreviewed

CVE-2026-3848 was published Mar 11, 2026

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation... Moderate Unreviewed

CVE-2026-28296 was published Feb 26, 2026

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution... High Unreviewed

CVE-2026-1714 was published Feb 18, 2026

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition... Moderate Unreviewed

CVE-2026-1536 was published Jan 28, 2026

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage... Moderate Unreviewed

CVE-2026-1467 was published Jan 27, 2026

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for... Moderate Unreviewed

CVE-2026-1299 was published Jan 23, 2026

When folding a long comment in an email header containing exclusively unfoldable characters, the... Moderate Unreviewed

CVE-2025-11468 was published Jan 21, 2026

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through... Moderate Unreviewed

CVE-2025-15282 was published Jan 21, 2026

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting... Moderate Unreviewed

CVE-2026-0672 was published Jan 21, 2026

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query... Moderate Unreviewed

CVE-2022-50682 was published Dec 18, 2025

An improper neutralization of crlf sequences ('crlf injection') in Fortinet FortiMail 7.6.0... Moderate Unreviewed

CVE-2025-54972 was published Nov 18, 2025

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the... Moderate Unreviewed

CVE-2025-56007 was published Oct 23, 2025

A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute... High Unreviewed

CVE-2025-28357 was published Oct 1, 2025

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server... High Unreviewed

CVE-2025-8715 was published Aug 14, 2025

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... High Unreviewed

CVE-2025-41376 was published Aug 1, 2025

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi... High Unreviewed

CVE-2025-6175 was published Jul 29, 2025

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before... Moderate Unreviewed

CVE-2025-0293 was published Jul 8, 2025

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF... Moderate Unreviewed

CVE-2024-51981 was published Jun 26, 2025

SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an... Critical Unreviewed

CVE-2025-40671 was published May 26, 2025

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

66 advisories