Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

65 advisories

Loading
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
dio vulnerable to CRLF injection with HTTP method string High
CVE-2021-31402 was published for dio (Pub) Mar 21, 2023
licy183 AlexV525
set0x thomas-chauchefoin-sonarsource
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
Mail Gem CRLF Injection vulnerability Moderate
CVE-2015-9097 was published for mail (RubyGems) Oct 24, 2017
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3561 was published May 24, 2022
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
dellalibera
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
CRLF Injection in microweber High
CVE-2022-0666 was published for microweber/microweber (Composer) Feb 19, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband... Moderate Unreviewed
CVE-2014-9564 was published May 17, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Moderate Unreviewed
CVE-2017-14037 was published May 17, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4... Moderate Unreviewed
CVE-2014-2017 was published May 14, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed... High Unreviewed
CVE-2017-15400 was published May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a... Moderate Unreviewed
CVE-2015-9096 was published May 14, 2022
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote... Moderate Unreviewed
CVE-2016-6484 was published May 14, 2022
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote... Moderate Unreviewed
CVE-2016-5331 was published May 14, 2022
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. High Unreviewed
CVE-2019-10678 was published May 14, 2022
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF... Moderate Unreviewed
CVE-2017-7528 was published May 13, 2022
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote... High Unreviewed
CVE-2018-12477 was published May 13, 2022
phpservermon is vulnerable to CRLF Injection Moderate
CVE-2021-4097 was published for phpservermon/phpservermon (Composer) Dec 16, 2021
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker... Moderate Unreviewed
CVE-2019-9741 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database