Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband... Moderate Unreviewed
CVE-2014-9564 was published May 17, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Moderate Unreviewed
CVE-2017-14037 was published May 17, 2022
Improper Neutralization of CRLF Sequences in Wildfly Undertow Moderate
CVE-2016-4993 was published for org.wildfly:wildfly-undertow (Maven) May 17, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4... Moderate Unreviewed
CVE-2014-2017 was published May 14, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed... High Unreviewed
CVE-2017-15400 was published May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a... Moderate Unreviewed
CVE-2015-9096 was published May 14, 2022
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote... Moderate Unreviewed
CVE-2016-6484 was published May 14, 2022
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote... Moderate Unreviewed
CVE-2016-5331 was published May 14, 2022
Buildbot CRLF Injection Moderate
CVE-2019-7313 was published for buildbot (pip) May 14, 2022
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. High Unreviewed
CVE-2019-10678 was published May 14, 2022
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF... Moderate Unreviewed
CVE-2017-7528 was published May 13, 2022
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote... High Unreviewed
CVE-2018-12477 was published May 13, 2022
Kallithea CRLF injection vulnerability High
CVE-2015-5285 was published for kallithea (pip) May 13, 2022
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through... Moderate Unreviewed
CVE-2019-9947 was published May 13, 2022
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through... Moderate Unreviewed
CVE-2019-9740 was published May 13, 2022
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker... Moderate Unreviewed
CVE-2019-9741 was published May 13, 2022
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.... Moderate Unreviewed
CVE-2016-4975 was published May 13, 2022
Improper Neutralization of CRLF Sequences in urllib3 library for Python Moderate
CVE-2019-11236 was published for urllib3 (pip) May 13, 2022
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens... Moderate Unreviewed
CVE-2014-9563 was published May 13, 2022
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c Credited to kurt-r2c and sunnypatell sunnypatell sunnypatell
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject... High Unreviewed
CVE-2007-0892 was published May 1, 2022
CRLF Injection in microweber High
CVE-2022-0666 was published for microweber/microweber (Composer) Feb 19, 2022
phpservermon is vulnerable to CRLF Injection Moderate
CVE-2021-4097 was published for phpservermon/phpservermon (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database