Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header High
CVE-2026-39971 was published for s9y/serendipity (Composer) Apr 14, 2026
mabjr33 Credited to mabjr33
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability... High Unreviewed
CVE-2025-40927 was published Aug 29, 2025
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed... High Unreviewed
CVE-2024-52875 was published Jan 31, 2025
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
A vulnerability exists in the http web interface where the web interface does not validate data... High Unreviewed
CVE-2021-40336 was published Jul 26, 2022
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security... High Unreviewed
CVE-2016-8024 was published May 17, 2022
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. High Unreviewed
CVE-2015-1445 was published May 17, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')... High Unreviewed
CVE-2018-7830 was published May 14, 2022
The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header... High Unreviewed
CVE-2018-11347 was published May 14, 2022
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware... High Unreviewed
CVE-2018-0689 was published May 14, 2022
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung... High Unreviewed
CVE-2018-3911 was published May 13, 2022
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin High
CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database