Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass Low
CVE-2026-34520 was published for aiohttp (pip) Apr 1, 2026
vmfunc Credited to vmfunc, oxqnd, and rodrigobnogueira oxqnd oxqnd
rodrigobnogueira rodrigobnogueira
AIOHTTP has HTTP response splitting via \r in reason phrase Low
CVE-2026-34519 was published for aiohttp (pip) Apr 1, 2026
DHIRAL2908 Credited to DHIRAL2908
AIOHTTP has CRLF injection through multipart part content type header construction Low
CVE-2026-34514 was published for aiohttp (pip) Apr 1, 2026
mingijunggrape Credited to mingijunggrape
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database