GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Critical
CVE-2024-51501
was published
for
Refit
(NuGet)
Nov 4, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the...
High
Unreviewed
CVE-2024-36459
was published
Jun 14, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-5193
was published
May 22, 2024
The software does not neutralize or incorrectly neutralizes certain characters before the data is...
High
Unreviewed
CVE-2024-1226
was published
Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an...
High
Unreviewed
CVE-2024-20337
was published
Mar 6, 2024
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4768
was published
Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate
Unreviewed
CVE-2023-4767
was published
Nov 3, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user...
Moderate
Unreviewed
CVE-2023-26148
was published
Sep 29, 2023
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when...
Moderate
Unreviewed
CVE-2023-26138
was published
Jul 6, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
dio vulnerable to CRLF injection with HTTP method string
High
CVE-2021-31402
was published
for
dio
(Pub)
Mar 21, 2023
CRLF Injection in Nodejs ‘undici’ via host
Moderate
CVE-2023-23936
was published
for
undici
(npm)
Feb 16, 2023
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate
CVE-2022-31150
was published
for
undici
(npm)
Jul 21, 2022
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio
High
GHSA-jwpw-q68h-r678
was published
for
dio
(Pub)
May 24, 2022
•
withdrawn
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2020-3561
was published
May 24, 2022
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
High
Unreviewed
CVE-2016-10803
was published
May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79...
Moderate
Unreviewed
CVE-2018-6148
was published
May 24, 2022
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11...
High
Unreviewed
CVE-2018-19585
was published
May 24, 2022
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the ...
Moderate
Unreviewed
CVE-2019-10272
was published
May 24, 2022
bottle.py vulnerable to CRLF Injection
Moderate
CVE-2016-9964
was published
for
bottle
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API