Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

25 advisories

Loading
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x... Moderate Unreviewed
CVE-2007-5595 was published May 1, 2022
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0... Moderate Unreviewed
CVE-2017-17742 was published May 13, 2022
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated,... Moderate Unreviewed
CVE-2017-12309 was published May 13, 2022
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in... Moderate Unreviewed
CVE-2016-5699 was published May 14, 2022
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote... Moderate Unreviewed
CVE-2018-16181 was published May 14, 2022
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg... Moderate Unreviewed
CVE-2018-16979 was published May 14, 2022
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0... Moderate Unreviewed
CVE-2016-5325 was published May 14, 2022
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker... Moderate Unreviewed
CVE-2017-1262 was published May 14, 2022
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded... Moderate Unreviewed
CVE-2017-7443 was published May 17, 2022
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in... Moderate Unreviewed
CVE-2015-0733 was published May 17, 2022
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to... Moderate Unreviewed
CVE-2016-6839 was published May 17, 2022
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data... Moderate Unreviewed
CVE-2018-18837 was published May 24, 2022
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is... Moderate Unreviewed
CVE-2020-10753 was published May 24, 2022
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager... Moderate Unreviewed
CVE-2022-20772 was published Nov 4, 2022
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15... Moderate Unreviewed
CVE-2023-0508 was published Jun 7, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper... Moderate Unreviewed
CVE-2023-34472 was published Jul 5, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26147 was published Sep 29, 2023
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can... Moderate Unreviewed
CVE-2024-24795 was published Apr 4, 2024
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed
CVE-2024-20392 was published May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database