GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
58 advisories
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More...
Moderate | Unreviewed | CVE-2026-12127 was published Jul 1, 2026

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric...
Moderate | Unreviewed | CVE-2026-50639 was published Jun 10, 2026

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not...
Moderate | Unreviewed | CVE-2026-46739 was published Jun 4, 2026

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric...
Moderate | Unreviewed | CVE-2026-8722 was published Jun 4, 2026

Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the...
Moderate | Unreviewed | CVE-2026-49130 was published May 28, 2026

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric...
Moderate | Unreviewed | CVE-2026-46740 was published May 27, 2026

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names...
Moderate | Unreviewed | CVE-2026-46719 was published May 16, 2026

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when...
Moderate | Unreviewed | CVE-2026-35504 was published May 12, 2026

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and...
Moderate | Unreviewed | CVE-2026-2717 was published Apr 22, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of...
Moderate | Unreviewed | CVE-2026-32964 was published Apr 20, 2026

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that...
Moderate | Unreviewed | CVE-2026-2400 was published Apr 14, 2026

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Moderate | Unreviewed | CVE-2026-1502 was published Apr 10, 2026

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2442 was published Mar 28, 2026

A vulnerability in the web-based Cisco IOx application hosting environment management interface...
Moderate | Unreviewed | CVE-2026-20113 was published Mar 25, 2026

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to...
Moderate | Unreviewed | CVE-2026-28753 was published Mar 24, 2026

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF)...
Moderate | Unreviewed | CVE-2026-3234 was published Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18...
Moderate | Unreviewed | CVE-2026-3848 was published Mar 11, 2026

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation...
Moderate | Unreviewed | CVE-2026-28296 was published Feb 26, 2026

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition...
Moderate | Unreviewed | CVE-2026-1536 was published Jan 28, 2026

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage...
Moderate | Unreviewed | CVE-2026-1467 was published Jan 27, 2026

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for...
Moderate | Unreviewed | CVE-2026-1299 was published Jan 23, 2026

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through...
Moderate | Unreviewed | CVE-2025-15282 was published Jan 21, 2026

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting...
Moderate | Unreviewed | CVE-2026-0672 was published Jan 21, 2026

When folding a long comment in an email header containing exclusively unfoldable characters, the...
Moderate | Unreviewed | CVE-2025-11468 was published Jan 21, 2026

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query...
Moderate | Unreviewed | CVE-2022-50682 was published Dec 18, 2025