Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

71 advisories

Loading
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when... Moderate Unreviewed
CVE-2023-26138 was published Jul 6, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user... Moderate Unreviewed
CVE-2023-26148 was published Sep 29, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an... High Unreviewed
CVE-2024-20337 was published Mar 6, 2024
The software does not neutralize or incorrectly neutralizes certain characters before the data is... High Unreviewed
CVE-2024-1226 was published Mar 12, 2024
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5193 was published May 22, 2024
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high... High Unreviewed
CVE-2023-38551 was published May 31, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the... High Unreviewed
CVE-2024-36459 was published Jun 14, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml glennawatson
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-48868 was published Dec 6, 2024
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-48867 was published Dec 6, 2024
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-50405 was published Mar 7, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-53693 was published Mar 7, 2025
SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an... Critical Unreviewed
CVE-2025-40671 was published May 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database