Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security... High Unreviewed
CVE-2016-8024 was published May 17, 2022
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. High Unreviewed
CVE-2015-1445 was published May 17, 2022
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker... Moderate Unreviewed
CVE-2017-1262 was published May 14, 2022
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0... Moderate Unreviewed
CVE-2016-5325 was published May 14, 2022
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg... Moderate Unreviewed
CVE-2018-16979 was published May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')... High Unreviewed
CVE-2018-7830 was published May 14, 2022
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote... Moderate Unreviewed
CVE-2018-16181 was published May 14, 2022
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header... High Unreviewed
CVE-2018-11347 was published May 14, 2022
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in... Moderate Unreviewed
CVE-2016-5699 was published May 14, 2022
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware... High Unreviewed
CVE-2018-0689 was published May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat Moderate
CVE-2014-0099 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated,... Moderate Unreviewed
CVE-2017-12309 was published May 13, 2022
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0... Moderate Unreviewed
CVE-2017-17742 was published May 13, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow Moderate
CVE-2018-1067 was published for org.jboss.eap:wildfly-undertow (Maven) May 13, 2022
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung... High Unreviewed
CVE-2018-3911 was published May 13, 2022
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x... Moderate Unreviewed
CVE-2007-5595 was published May 1, 2022
HTTP Response Splitting in WSO2 transport-http Moderate
CVE-2019-10797 was published for org.wso2.transport.http:org.wso2.transport.http.netty (Maven) Feb 9, 2022
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin High
CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
ProTip! Advisories are also available from the GraphQL API