GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
145 advisories
Incus container environment configuration newline injection
High
CVE-2026-23953
was published
for
github.com/lxc/incus/v6
(Go)
Jan 22, 2026
Mailpit has an SMTP Header Injection via Regex Bypass
Moderate
CVE-2026-23829
was published
for
github.com/axllent/mailpit
(Go)
Jan 20, 2026
BlackSheep's ClientSession is vulnerable to CRLF injection
Moderate
CVE-2026-22779
was published
for
blacksheep
(pip)
Jan 14, 2026
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Moderate
CVE-2025-67735
was published
for
io.netty:netty-codec-http
(Maven)
Dec 15, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
High
CVE-2025-59419
was published
for
io.netty:netty-codec-smtp
(Maven)
Oct 15, 2025
h2 allows HTTP Request Smuggling due to illegal characters in headers
Moderate
CVE-2025-57804
was published
for
h2
(pip)
Aug 25, 2025
ProTip!
Advisories are also available from the
GraphQL API