Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,297
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when... Moderate Unreviewed
CVE-2023-26138 was published Jul 6, 2023
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). High Unreviewed
CVE-2016-10803 was published May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79... Moderate Unreviewed
CVE-2018-6148 was published May 24, 2022
The software does not neutralize or incorrectly neutralizes certain characters before the data is... High Unreviewed
CVE-2024-1226 was published Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an... High Unreviewed
CVE-2024-20337 was published Mar 6, 2024
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
dio vulnerable to CRLF injection with HTTP method string High
CVE-2021-31402 was published for dio (Pub) Mar 21, 2023
licy183 AlexV525
set0x thomas-chauchefoin-sonarsource
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
Mail Gem CRLF Injection vulnerability Moderate
CVE-2015-9097 was published for mail (RubyGems) Oct 24, 2017
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3561 was published May 24, 2022
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
CRLF Injection in microweber High
CVE-2022-0666 was published for microweber/microweber (Composer) Feb 19, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband... Moderate Unreviewed
CVE-2014-9564 was published May 17, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Moderate Unreviewed
CVE-2017-14037 was published May 17, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4... Moderate Unreviewed
CVE-2014-2017 was published May 14, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed... High Unreviewed
CVE-2017-15400 was published May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a... Moderate Unreviewed
CVE-2015-9096 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database