GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Misinterpretation of malicious XML input
Moderate
CVE-2021-21366
was published
for
xmldom
(npm)
Mar 12, 2021
Ethereum Contains Consensus Flaw During Block Processing
Moderate
CVE-2021-39137
was published
for
github.com/ethereum/go-ethereum
(Go)
Aug 30, 2021
PAN-OS software provides options to exclude specific websites from URL category enforcement and...
Moderate
Unreviewed
CVE-2022-0011
was published
Feb 11, 2022
bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x...
Moderate
Unreviewed
CVE-2019-5892
was published
May 13, 2022
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic...
Moderate
Unreviewed
CVE-2019-17596
was published
May 24, 2022
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature...
Moderate
Unreviewed
CVE-2019-18792
was published
May 24, 2022
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP...
Moderate
Unreviewed
CVE-2020-9363
was published
May 24, 2022
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted...
Moderate
Unreviewed
CVE-2020-9362
was published
May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP...
Moderate
Unreviewed
CVE-2019-19089
was published
May 24, 2022
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2020-3564
was published
May 24, 2022
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS...
Moderate
Unreviewed
CVE-2022-34009
was published
Jul 29, 2022
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558...
Moderate
Unreviewed
CVE-2021-41437
was published
Sep 27, 2022
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,...
Moderate
Unreviewed
CVE-2022-38115
was published
Nov 23, 2022
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in...
Moderate
Unreviewed
CVE-2022-42472
was published
Feb 16, 2023
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the...
Moderate
Unreviewed
CVE-2023-22998
was published
Feb 28, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Insecure header validation in slim/psr7
Moderate
CVE-2023-30536
was published
for
slim/psr7
(Composer)
Apr 18, 2023
Improper header name validation in guzzlehttp/psr7
Moderate
CVE-2023-29197
was published
for
guzzlehttp/psr7
(Composer)
Apr 19, 2023
Improper header validation in httpsoft/http-message
Moderate
GHSA-9jxr-mwpp-w643
was published
for
httpsoft/http-message
(Composer)
Apr 21, 2023
Improper Input Validation in nyholm/psr7
Moderate
GHSA-wjfc-pgfp-pv9c
was published
for
nyholm/psr7
(Composer)
Apr 21, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API