Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

55 advisories

Loading
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Moderate
CVE-2026-40175 was published for axios (npm) Apr 10, 2026
raulvdv Credited to raulvdv, SwTan98, Wenxin-Jiang, and jasonsaayman SwTan98 SwTan98
Wenxin-Jiang Wenxin-Jiang jasonsaayman jasonsaayman
Hono missing validation of cookie name on write path in setCookie() Moderate
GHSA-26pp-8wgv-hjvm was published for hono (npm) Apr 8, 2026
athuljayaram Credited to athuljayaram
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest Moderate
CVE-2026-34767 was published for electron (npm) Apr 3, 2026
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Moderate
CVE-2026-34715 was published for ewe (Erlang) Apr 1, 2026
athuljayaram Credited to athuljayaram
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie() Moderate
CVE-2026-29086 was published for hono (npm) Mar 4, 2026
TarPeg007 Credited to TarPeg007
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
omarkurt Credited to omarkurt
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju Credited to tr4ce-ju
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level... Moderate Unreviewed
CVE-2025-42934 was published Aug 12, 2025
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
Pitchfork HTTP Request/Response Splitting vulnerability Moderate
CVE-2025-30221 was published for pitchfork (RubyGems) Mar 27, 2025
In affected versions of Octopus Server it was possible for a user with sufficient access to set... Moderate Unreviewed
CVE-2025-0588 was published Feb 11, 2025
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those... Moderate Unreviewed
CVE-2025-0825 was published Feb 4, 2025
An improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed
CVE-2024-54021 was published Jan 14, 2025
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Credited to sofiaml and Static-Flow Static-Flow Static-Flow
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras Credited to sayboras
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed
CVE-2024-20392 was published May 15, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can... Moderate Unreviewed
CVE-2024-24795 was published Apr 4, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave Credited to divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26147 was published Sep 29, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed
CVE-2023-26137 was published Jul 6, 2023
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper... Moderate Unreviewed
CVE-2023-34472 was published Jul 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database