GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Mail Gem CRLF Injection vulnerability
Moderate
CVE-2015-9097
was published
for
mail
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12537
was published
for
io.vertx:vertx-core
(Maven)
Oct 19, 2018
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Headers containing newline characters can split messages in hyper
Moderate
CVE-2017-18587
was published
for
hyper
(Rust)
Aug 25, 2021
phpservermon is vulnerable to CRLF Injection
Moderate
CVE-2021-4097
was published
for
phpservermon/phpservermon
(Composer)
Dec 16, 2021
Joomla! vulnerable to CRLF injection
Moderate
CVE-2007-4190
was published
for
joomla/application
(Composer)
May 1, 2022
Improper Neutralization of CRLF Sequences in urllib3 library for Python
Moderate
CVE-2019-11236
was published
for
urllib3
(pip)
May 13, 2022
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Neutralization of CRLF Sequences in Wildfly Undertow
Moderate
CVE-2016-4993
was published
for
org.wildfly:wildfly-undertow
(Maven)
May 17, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate
CVE-2022-31150
was published
for
undici
(npm)
Jul 21, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API