Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
CVE-2025-13033 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
uv allows ZIP payload obfuscation through parsing differentials Moderate
GHSA-pqhf-p39g-3x64 was published for uv (pip) Oct 29, 2025
calebbrown woodruffw
zanieb
Credited to calebbrown, woodruffw, and zanieb
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Credited to charliermarsh, zanieb, woodruffw, thatch, and calebbrown
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558... Moderate Unreviewed
CVE-2021-41437 was published Sep 27, 2022
An improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2024-54021 was published Jan 14, 2025
Missing validation of header name and value in codeigniter4/framework Moderate
CVE-2025-24013 was published for codeigniter4/framework (Composer) Jan 21, 2025
neznaika0
Credited to neznaika0
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature... Moderate Unreviewed
CVE-2019-18792 was published May 24, 2022
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
Credited to sayboras
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions... Moderate Unreviewed
CVE-2024-45097 was published Sep 5, 2024
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security... Moderate Unreviewed
CVE-2024-20293 was published May 22, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2023-39481 was published May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents... Moderate Unreviewed
CVE-2024-3386 was published Apr 10, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Credited to a-zara-n
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Credited to divergentdave
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to... Moderate Unreviewed
CVE-2023-50327 was published Feb 2, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Credited to smaury and mnapoli
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
Credited to Nyholm, TimWolla, and GrahamCampbell
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
Credited to MarkLee131
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell akrabat
williamdes
Credited to GrahamCampbell, akrabat, and williamdes
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
Credited to guidovranken
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database