Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,851
Erlang
36
GitHub Actions
35
Go
2,481
Maven
5,000+
npm
4,100
NuGet
734
pip
3,914
Pub
12
RubyGems
945
Rust
1,016
Swift
39
Unreviewed advisories
All unreviewed
5,000+

77 advisories

Loading
h2 allows HTTP Request Smuggling due to illegal characters in headers Moderate
CVE-2025-57804 was published for h2 (pip) Aug 25, 2025
sebastianosrt mhils
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server... High Unreviewed
CVE-2025-8715 was published Aug 14, 2025
Keycloak-services SMTP Inject Vulnerability Moderate
CVE-2025-8419 was published for org.keycloak:keycloak-services (Maven) Aug 6, 2025
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi... High Unreviewed
CVE-2025-6175 was published Jul 29, 2025
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before... Moderate Unreviewed
CVE-2025-0293 was published Jul 8, 2025
An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF... Moderate Unreviewed
CVE-2024-51981 was published Jun 26, 2025
SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an... Critical Unreviewed
CVE-2025-40671 was published May 26, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-50405 was published Mar 7, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-53693 was published Mar 7, 2025
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-48867 was published Dec 6, 2024
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-48868 was published Dec 6, 2024
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml glennawatson
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the... High Unreviewed
CVE-2024-36459 was published Jun 14, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high... High Unreviewed
CVE-2023-38551 was published May 31, 2024
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5193 was published May 22, 2024
The software does not neutralize or incorrectly neutralizes certain characters before the data is... High Unreviewed
CVE-2024-1226 was published Mar 12, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an... High Unreviewed
CVE-2024-20337 was published Mar 6, 2024
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user... Moderate Unreviewed
CVE-2023-26148 was published Sep 29, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database