GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
The HTTP host header can be manipulated and cause the application to behave in unexpected ways....
Moderate | Unreviewed | CVE-2024-30129 was published Dec 6, 2024

Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate | CVE-2024-10006 was published for github.com/hashicorp/consul (Go) Oct 31, 2024

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow...
High | Unreviewed | CVE-2024-47549 was published Oct 25, 2024

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper...
Moderate | Unreviewed | CVE-2023-26289 was published Jul 30, 2024

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header...
Moderate | Unreviewed | CVE-2024-39736 was published Jul 15, 2024

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
Critical | Unreviewed | CVE-2024-22081 was published Mar 20, 2024

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper...
Moderate | Unreviewed | CVE-2022-22399 was published Mar 5, 2024

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Moderate | CVE-2024-21499 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a...
High | Unreviewed | CVE-2024-1064 was published Feb 3, 2024

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to...
Critical | Unreviewed | CVE-2023-47143 was published Feb 2, 2024

Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate | CVE-2023-34036 was published for org.springframework.hateoas:spring-hateoas (Maven) Jul 17, 2023

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,...
Moderate | Unreviewed | CVE-2023-36919 was published Jul 11, 2023

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with...
High | Unreviewed | CVE-2023-36921 was published Jul 11, 2023

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker...
High | Unreviewed | CVE-2023-32465 was published Jun 14, 2023

HTTP header injection vulnerability in Everything all versions except the Lite version may allow...
Moderate | Unreviewed | CVE-2021-20784 was published May 24, 2022

HTTP Host Header Injection
Moderate | CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021

Potential Host Header Poisoning on misconfigured servers
Low | CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021