Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP),... Low Unreviewed
CVE-2026-24320 was published Feb 10, 2026
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated... Low Unreviewed
CVE-2026-23686 was published Feb 10, 2026
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
omarkurt
Credited to omarkurt
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju
Credited to tr4ce-ju
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability... High Unreviewed
CVE-2025-40927 was published Aug 29, 2025
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level... Moderate Unreviewed
CVE-2025-42934 was published Aug 12, 2025
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
Pitchfork HTTP Request/Response Splitting vulnerability Moderate
CVE-2025-30221 was published for pitchfork (RubyGems) Mar 27, 2025
In affected versions of Octopus Server it was possible for a user with sufficient access to set... Moderate Unreviewed
CVE-2025-0588 was published Feb 11, 2025
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those... Moderate Unreviewed
CVE-2025-0825 was published Feb 4, 2025
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed... High Unreviewed
CVE-2024-52875 was published Jan 31, 2025
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')... Low Unreviewed
CVE-2024-45687 was published Jan 21, 2025
An improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2024-54021 was published Jan 14, 2025
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
Credited to sofiaml and Static-Flow
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
Credited to sayboras
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed
CVE-2024-20392 was published May 15, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can... Moderate Unreviewed
CVE-2024-24795 was published Apr 4, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Credited to divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26147 was published Sep 29, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database