Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

35 advisories

Loading
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF... Moderate Unreviewed
CVE-2017-8788 was published May 17, 2022
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows... Moderate Unreviewed
CVE-2017-6508 was published May 17, 2022
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2... Moderate Unreviewed
CVE-2017-2111 was published May 17, 2022
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote... Moderate Unreviewed
CVE-2017-5868 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos... Moderate Unreviewed
CVE-2017-8791 was published May 17, 2022
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through... Moderate Unreviewed
CVE-2019-9947 was published May 13, 2022
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through... Moderate Unreviewed
CVE-2019-9740 was published May 13, 2022
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11... High Unreviewed
CVE-2018-19585 was published May 24, 2022
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject... High Unreviewed
CVE-2007-0892 was published May 1, 2022
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens... Moderate Unreviewed
CVE-2014-9563 was published May 13, 2022
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.... Moderate Unreviewed
CVE-2016-4975 was published May 13, 2022
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker... Moderate Unreviewed
CVE-2019-9741 was published May 13, 2022
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote... High Unreviewed
CVE-2018-12477 was published May 13, 2022
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF... Moderate Unreviewed
CVE-2017-7528 was published May 13, 2022
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options. High Unreviewed
CVE-2019-10678 was published May 14, 2022
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote... Moderate Unreviewed
CVE-2016-5331 was published May 14, 2022
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote... Moderate Unreviewed
CVE-2016-6484 was published May 14, 2022
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a... Moderate Unreviewed
CVE-2015-9096 was published May 14, 2022
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed... High Unreviewed
CVE-2017-15400 was published May 14, 2022
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4... Moderate Unreviewed
CVE-2014-2017 was published May 14, 2022
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Moderate Unreviewed
CVE-2017-14037 was published May 17, 2022
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband... Moderate Unreviewed
CVE-2014-9564 was published May 17, 2022
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2020-3561 was published May 24, 2022
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4768 was published Nov 3, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database