Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,207
Maven
5,000+
npm
3,858
NuGet
696
pip
3,639
Pub
12
RubyGems
913
Rust
918
Swift
38
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
Pitchfork HTTP Request/Response Splitting vulnerability Moderate
CVE-2025-30221 was published for pitchfork (RubyGems) Mar 27, 2025
In affected versions of Octopus Server it was possible for a user with sufficient access to set... Moderate Unreviewed
CVE-2025-0588 was published Feb 11, 2025
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those... Moderate Unreviewed
CVE-2025-0825 was published Feb 4, 2025
An improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2024-54021 was published Jan 14, 2025
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed
CVE-2024-20392 was published May 15, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can... Moderate Unreviewed
CVE-2024-24795 was published Apr 4, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26147 was published Sep 29, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper... Moderate Unreviewed
CVE-2023-34472 was published Jul 5, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15... Moderate Unreviewed
CVE-2023-0508 was published Jun 7, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Moderate
CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) Jun 7, 2023
dellalibera
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager... Moderate Unreviewed
CVE-2022-20772 was published Nov 4, 2022
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is... Moderate Unreviewed
CVE-2020-10753 was published May 24, 2022
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data... Moderate Unreviewed
CVE-2018-18837 was published May 24, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function Moderate
CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to... Moderate Unreviewed
CVE-2016-6839 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database