GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
49 advisories
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper...
Moderate, Unreviewed: CVE-2026-4096 was published Jun 11, 2026

Fastify's connection header abuse enables stripping of proxy-added headers
Critical: CVE-2026-33805 was published for @fastify/http-proxy (npm) Apr 16, 2026

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper...
Moderate, Unreviewed: CVE-2025-66485 was published Apr 2, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header...
Moderate, Unreviewed: CVE-2025-14807 was published Mar 25, 2026

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by...
Moderate, Unreviewed: CVE-2025-13213 was published Mar 10, 2026

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by...
Moderate, Unreviewed: CVE-2025-36227 was published Mar 10, 2026

@perfood/couch-auth has a host header injection vulnerability
Moderate: CVE-2025-70948 was published for @perfood/couch-auth (npm) Mar 5, 2026

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue...
Moderate, Unreviewed: CVE-2026-1698 was published Feb 26, 2026

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP...
Critical, Unreviewed: CVE-2026-26747 was published Feb 20, 2026

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and...
Moderate, Unreviewed: CVE-2025-27901 was published Feb 17, 2026

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows...
High, Unreviewed: CVE-2026-26234 was published Feb 12, 2026

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper...
Moderate, Unreviewed: CVE-2024-51451 was published Feb 5, 2026

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file...
Low, Unreviewed: CVE-2025-52660 was published Jan 19, 2026

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown...
Moderate, Unreviewed: CVE-2025-13803 was published Dec 1, 2025

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown...
Moderate, Unreviewed: CVE-2025-13434 was published Nov 20, 2025

Backdrop CMS Host Header Injection vulnerability
Moderate: CVE-2025-63828 was published for backdrop/backdrop (Composer) Nov 18, 2025

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation
High: CVE-2025-64484 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Nov 12, 2025

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation...
Moderate, Unreviewed: CVE-2025-36223 was published Nov 12, 2025

The BigFix WebUI application responds with HOST information from the HTTP header field making it...
Moderate, Unreviewed: CVE-2025-52647 was published Oct 11, 2025

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2...
Moderate, Unreviewed: CVE-2024-40686 was published Jul 23, 2025

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By...
Low, Unreviewed: CVE-2025-40631 was published May 16, 2025

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to...
Moderate, Unreviewed: CVE-2025-24339 was published Apr 30, 2025

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper...
Moderate, Unreviewed: CVE-2025-2950 was published Apr 21, 2025

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by...
Moderate, Unreviewed: CVE-2022-43847 was published Apr 14, 2025

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote...
Moderate, Unreviewed: CVE-2025-0154 was published Apr 2, 2025