GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
Moderate
CVE-2018-1067
was published
for
org.jboss.eap:wildfly-undertow
(Maven)
May 13, 2022
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded...
Moderate
Unreviewed
CVE-2017-7443
was published
May 17, 2022
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in...
Moderate
Unreviewed
CVE-2015-0733
was published
May 17, 2022
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to...
Moderate
Unreviewed
CVE-2016-6839
was published
May 17, 2022
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x...
Moderate
Unreviewed
CVE-2007-5595
was published
May 1, 2022
HTTP Response Splitting in WSO2 transport-http
Moderate
CVE-2019-10797
was published
for
org.wso2.transport.http:org.wso2.transport.http.netty
(Maven)
Feb 9, 2022
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated,...
Moderate
Unreviewed
CVE-2017-12309
was published
May 13, 2022
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote...
Moderate
Unreviewed
CVE-2018-16181
was published
May 14, 2022
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg...
Moderate
Unreviewed
CVE-2018-16979
was published
May 14, 2022
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0...
Moderate
Unreviewed
CVE-2016-5325
was published
May 14, 2022
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker...
Moderate
Unreviewed
CVE-2017-1262
was published
May 14, 2022
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in...
Moderate
Unreviewed
CVE-2016-5699
was published
May 14, 2022
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0...
Moderate
Unreviewed
CVE-2017-17742
was published
May 13, 2022
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
Moderate
CVE-2020-5216
was published
for
secure_headers
(RubyGems)
Jan 23, 2020
HTTP Response Splitting in Puma
Moderate
CVE-2020-5247
was published
for
puma
(RubyGems)
Feb 28, 2020
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is...
Moderate
Unreviewed
CVE-2020-10753
was published
May 24, 2022
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
Moodle CRLF Injection Vulnerability in Calendar Component
Moderate
CVE-2011-4203
was published
for
moodle/moodle
(Composer)
May 13, 2022
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager...
Moderate
Unreviewed
CVE-2022-20772
was published
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API