GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
63 advisories
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw
This vulnerability...
High | Unreviewed | CVE-2025-40927 was published Aug 29, 2025

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level...
Moderate | Unreviewed | CVE-2025-42934 was published Aug 12, 2025

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those...
Moderate | Unreviewed | CVE-2025-0825 was published Feb 4, 2025

In affected versions of Octopus Server it was possible for a user with sufficient access to set...
Moderate | Unreviewed | CVE-2025-0588 was published Feb 11, 2025

Spring Framework vulnerable to a reflected file download (RFD)
Moderate | CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security...
High | Unreviewed | CVE-2016-8024 was published May 17, 2022

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Moderate | CVE-2014-0099 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0...
Moderate | Unreviewed | CVE-2016-5325 was published May 14, 2022

Pitchfork HTTP Request/Response Splitting vulnerability
Moderate | CVE-2025-30221 was published for pitchfork (RubyGems) Mar 27, 2025

Jenkins has CRLF Injection Vulnerability in the CLI
Moderate | CVE-2016-0789 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

Jenkins allows HTTP Injection and Response Splitting
Moderate | CVE-2012-6072 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

An improper neutralization of crlf sequences in http headers ('http response splitting') in...
Moderate | Unreviewed | CVE-2024-54021 was published Jan 14, 2025

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed...
High | Unreviewed | CVE-2024-52875 was published Jan 31, 2025

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')...
Low | Unreviewed | CVE-2024-45687 was published Jan 21, 2025

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can...
Moderate | Unreviewed | CVE-2024-24795 was published Apr 4, 2024

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate | Unreviewed | CVE-2023-0508 was published Jun 7, 2023

CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate | CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024

Gateway API route matching order contradicts specification
Moderate | CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical | Unreviewed | CVE-2024-40324 was published Jul 25, 2024

Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High | CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email...
Moderate | Unreviewed | CVE-2024-20392 was published May 15, 2024

Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate | CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019

Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate | CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when...
Moderate | Unreviewed | CVE-2023-26147 was published Sep 29, 2023

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper...
Moderate | Unreviewed | CVE-2023-34472 was published Jul 5, 2023