GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
844
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
Moderate
CVE-2020-5216
was published
for
secure_headers
(RubyGems)
Jan 23, 2020
HTTP Response Splitting in Puma
Moderate
CVE-2020-5247
was published
for
puma
(RubyGems)
Feb 28, 2020
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
HTTP Response Splitting in WSO2 transport-http
Moderate
CVE-2019-10797
was published
for
org.wso2.transport.http:org.wso2.transport.http.netty
(Maven)
Feb 9, 2022
phpMyAdmin HTTP Response Splitting Vulnerability
High
CVE-2009-1149
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 2, 2022
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
Moderate
CVE-2018-1067
was published
for
org.jboss.eap:wildfly-undertow
(Maven)
May 13, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Moderate
CVE-2014-0099
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate
CVE-2016-3166
was published
for
drupal/core
(Composer)
May 17, 2022
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
Header injection in TurboGears
Critical
CVE-2019-25101
was published
for
TurboGears
(pip)
Feb 4, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API