Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an... High Unreviewed
CVE-2024-28054 was published Mar 18, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to... Moderate Unreviewed
CVE-2023-50327 was published Feb 2, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
Credited to smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Credited to smaury and mnapoli
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Credited to divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker... High Unreviewed
CVE-2023-40718 was published Oct 10, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48471 was published Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48473 was published Jun 16, 2023
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych
Credited to devanych
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
Credited to Nyholm, TimWolla, and GrahamCampbell
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell akrabat
williamdes
Credited to GrahamCampbell, akrabat, and williamdes
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
Credited to MarkLee131
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the... Moderate Unreviewed
CVE-2023-22998 was published Feb 28, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful... High Unreviewed
CVE-2022-48261 was published Feb 27, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful... High Unreviewed
CVE-2022-48230 was published Feb 27, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2022-42472 was published Feb 16, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Credited to Ry0taK
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed... High Unreviewed
CVE-2022-48279 was published Jan 20, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed
CVE-2022-37436 was published Jan 17, 2023
Apache Shiro Interpretation Conflict vulnerability High
CVE-2023-22602 was published for org.apache.shiro:shiro-root (Maven) Jan 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database