GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email...
Moderate
Unreviewed
CVE-2024-20392
was published
May 15, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26147
was published
Sep 29, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user...
Moderate
Unreviewed
CVE-2023-26142
was published
Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1...
Moderate
Unreviewed
CVE-2023-41834
was published
Sep 19, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions...
High
Unreviewed
CVE-2023-32708
was published
Jul 6, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when...
Moderate
Unreviewed
CVE-2023-26137
was published
Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper...
Moderate
Unreviewed
CVE-2023-34472
was published
Jul 5, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
Header injection in TurboGears
Critical
CVE-2019-25101
was published
for
TurboGears
(pip)
Feb 4, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager...
Moderate
Unreviewed
CVE-2022-20772
was published
Nov 4, 2022
A vulnerability exists in the http web interface where the web interface does not validate data...
High
Unreviewed
CVE-2021-40336
was published
Jul 26, 2022
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is...
Moderate
Unreviewed
CVE-2020-10753
was published
May 24, 2022
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data...
Moderate
Unreviewed
CVE-2018-18837
was published
May 24, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate
CVE-2016-3166
was published
for
drupal/core
(Composer)
May 17, 2022
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to...
Moderate
Unreviewed
CVE-2016-6839
was published
May 17, 2022
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in...
Moderate
Unreviewed
CVE-2015-0733
was published
May 17, 2022
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded...
Moderate
Unreviewed
CVE-2017-7443
was published
May 17, 2022
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security...
High
Unreviewed
CVE-2016-8024
was published
May 17, 2022
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.
High
Unreviewed
CVE-2015-1445
was published
May 17, 2022
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker...
Moderate
Unreviewed
CVE-2017-1262
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API