GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12537
was published
for
io.vertx:vertx-core
(Maven)
Oct 19, 2018
undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate
CVE-2022-31150
was published
for
undici
(npm)
Jul 21, 2022
Improper Neutralization of CRLF Sequences in Wildfly Undertow
Moderate
CVE-2016-4993
was published
for
org.wildfly:wildfly-undertow
(Maven)
May 17, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
phpservermon is vulnerable to CRLF Injection
Moderate
CVE-2021-4097
was published
for
phpservermon/phpservermon
(Composer)
Dec 16, 2021
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
CRLF Injection in microweber
High
CVE-2022-0666
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Headers containing newline characters can split messages in hyper
Moderate
CVE-2017-18587
was published
for
hyper
(Rust)
Aug 25, 2021
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
Mail Gem CRLF Injection vulnerability
Moderate
CVE-2015-9097
was published
for
mail
(RubyGems)
Oct 24, 2017
Joomla! vulnerable to CRLF injection
Moderate
CVE-2007-4190
was published
for
joomla/application
(Composer)
May 1, 2022
dio vulnerable to CRLF injection with HTTP method string
High
CVE-2021-31402
was published
for
dio
(Pub)
Mar 21, 2023
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
Improper Neutralization of CRLF Sequences in urllib3 library for Python
Moderate
CVE-2019-11236
was published
for
urllib3
(pip)
May 13, 2022
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
bottle.py vulnerable to CRLF Injection
Moderate
CVE-2016-9964
was published
for
bottle
(pip)
May 17, 2022
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
High
CVE-2018-1000164
was published
for
gunicorn
(pip)
Jul 12, 2018
Kallithea CRLF injection vulnerability
High
CVE-2015-5285
was published
for
kallithea
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API