GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,808
Composer 5,566
Erlang 49
GitHub Actions 49
Go 3,479
Maven 6,393
npm 5,718
NuGet 886
pip 4,740
Pub 13
RubyGems 1,031
Rust 1,225
Swift 53

Unreviewed advisories

All unreviewed 297,392

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

44 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on... Low Unreviewed

CVE-2025-55271 was published Mar 26, 2026

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated... Low Unreviewed

CVE-2026-23686 was published Feb 10, 2026

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP),... Low Unreviewed

CVE-2026-24320 was published Feb 10, 2026

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability... High Unreviewed

CVE-2025-40927 was published Aug 29, 2025

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level... Moderate Unreviewed

CVE-2025-42934 was published Aug 12, 2025

In affected versions of Octopus Server it was possible for a user with sufficient access to set... Moderate Unreviewed

CVE-2025-0588 was published Feb 11, 2025

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those... Moderate Unreviewed

CVE-2025-0825 was published Feb 4, 2025

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed... High Unreviewed

CVE-2024-52875 was published Jan 31, 2025

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')... Low Unreviewed

CVE-2024-45687 was published Jan 21, 2025

An improper neutralization of crlf sequences in http headers ('http response splitting') in... Moderate Unreviewed

CVE-2024-54021 was published Jan 14, 2025

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed

CVE-2024-40324 was published Jul 25, 2024

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email... Moderate Unreviewed

CVE-2024-20392 was published May 15, 2024

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can... Moderate Unreviewed

CVE-2024-24795 was published Apr 4, 2024

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed

CVE-2023-48256 was published Jan 10, 2024

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when... Moderate Unreviewed

CVE-2023-26147 was published Sep 29, 2023

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed

CVE-2023-26142 was published Sep 19, 2023

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed

CVE-2023-41834 was published Sep 19, 2023

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed

CVE-2023-29406 was published Jul 11, 2023

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed

CVE-2023-32708 was published Jul 6, 2023

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when... Moderate Unreviewed

CVE-2023-26137 was published Jul 6, 2023

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper... Moderate Unreviewed

CVE-2023-34472 was published Jul 5, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15... Moderate Unreviewed

CVE-2023-0508 was published Jun 7, 2023

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be... Moderate Unreviewed

CVE-2022-37436 was published Jan 17, 2023

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager... Moderate Unreviewed

CVE-2022-20772 was published Nov 4, 2022

A vulnerability exists in the http web interface where the web interface does not validate data... High Unreviewed

CVE-2021-40336 was published Jul 26, 2022

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

44 advisories