Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Hono missing validation of cookie name on write path in setCookie() Moderate
GHSA-26pp-8wgv-hjvm was published for hono (npm) Apr 8, 2026
athuljayaram Credited to athuljayaram
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest Moderate
CVE-2026-34767 was published for electron (npm) Apr 3, 2026
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Moderate
CVE-2026-34715 was published for ewe (Erlang) Apr 1, 2026
athuljayaram Credited to athuljayaram
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie() Moderate
CVE-2026-29086 was published for hono (npm) Mar 4, 2026
TarPeg007 Credited to TarPeg007
Gakido vulnerable to HTTP Header Injection (CRLF Injection) Moderate
CVE-2026-24489 was published for gakido (pip) Jan 26, 2026
omarkurt Credited to omarkurt
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju Credited to tr4ce-ju
Spring Framework vulnerable to a reflected file download (RFD) Moderate
CVE-2025-41234 was published for org.springframework:spring-web (Maven) Jun 13, 2025
Pitchfork HTTP Request/Response Splitting vulnerability Moderate
CVE-2025-30221 was published for pitchfork (RubyGems) Mar 27, 2025
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Credited to sofiaml and Static-Flow Static-Flow Static-Flow
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras Credited to sayboras
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave Credited to divergentdave
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Moderate
CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) Jun 7, 2023
dellalibera Credited to dellalibera
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz Credited to rafalambrozewicz and anderruiz anderruiz anderruiz
Drupal CRLF injection vulnerability in the drupal_set_header function Moderate
CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022
Jenkins has CRLF Injection Vulnerability in the CLI Moderate
CVE-2016-0789 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows HTTP Injection and Response Splitting Moderate
CVE-2012-6072 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat Moderate
CVE-2014-0099 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ Credited to sunSUNQ
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow Moderate
CVE-2018-1067 was published for org.jboss.eap:wildfly-undertow (Maven) May 13, 2022
Moodle CRLF Injection Vulnerability in Calendar Component Moderate
CVE-2011-4203 was published for moodle/moodle (Composer) May 13, 2022
HTTP Response Splitting in WSO2 transport-http Moderate
CVE-2019-10797 was published for org.wso2.transport.http:org.wso2.transport.http.netty (Maven) Feb 9, 2022
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh Credited to JLLeitschuh
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201 Credited to SunBK201
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database