Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,609
Maven
5,000+
npm
4,252
NuGet
757
pip
4,023
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

31 advisories

Loading
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the... Moderate Unreviewed
CVE-2025-56007 was published Oct 23, 2025
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before... Moderate Unreviewed
CVE-2025-0293 was published Jul 8, 2025
An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF... Moderate Unreviewed
CVE-2024-51981 was published Jun 26, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-50405 was published Mar 7, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... Moderate Unreviewed
CVE-2024-48867 was published Dec 6, 2024
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification... Moderate Unreviewed
CVE-2024-7472 was published Oct 29, 2024
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5193 was published May 22, 2024
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user... Moderate Unreviewed
CVE-2023-26148 was published Sep 29, 2023
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when... Moderate Unreviewed
CVE-2023-26138 was published Jul 6, 2023
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3561 was published May 24, 2022
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79... Moderate Unreviewed
CVE-2018-6148 was published May 24, 2022
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the ... Moderate Unreviewed
CVE-2019-10272 was published May 24, 2022
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2... Moderate Unreviewed
CVE-2017-2111 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos... Moderate Unreviewed
CVE-2017-8791 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF... Moderate Unreviewed
CVE-2017-8788 was published May 17, 2022
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote... Moderate Unreviewed
CVE-2017-5868 was published May 17, 2022
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows... Moderate Unreviewed
CVE-2017-6508 was published May 17, 2022
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband... Moderate Unreviewed
CVE-2014-9564 was published May 17, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Moderate Unreviewed
CVE-2017-14037 was published May 17, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4... Moderate Unreviewed
CVE-2014-2017 was published May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a... Moderate Unreviewed
CVE-2015-9096 was published May 14, 2022
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote... Moderate Unreviewed
CVE-2016-6484 was published May 14, 2022
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote... Moderate Unreviewed
CVE-2016-5331 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database