GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
225 advisories
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between...
Critical | Unreviewed | CVE-2021-45967 was published Mar 19, 2022

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the...
Critical | Unreviewed | CVE-2022-0591 was published Mar 22, 2022

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a...
Critical | Unreviewed | CVE-2022-0249 was published Mar 29, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0990 was published Apr 5, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0939 was published Apr 5, 2022

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to...
Critical | Unreviewed | CVE-2022-26499 was published Apr 16, 2022

A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote...
Critical | Unreviewed | CVE-2021-36203 was published Apr 23, 2022

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ...
Critical | Unreviewed | CVE-2022-27429 was published Apr 26, 2022

Server side request forgery in gibbon
Critical | CVE-2022-27311 was published for gibbon (RubyGems) Apr 26, 2022

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-27469 was published Apr 27, 2022

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF...
Critical | Unreviewed | CVE-2022-29556 was published Apr 29, 2022

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the...
Critical | Unreviewed | CVE-2019-3395 was published May 13, 2022

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to...
Critical | Unreviewed | CVE-2018-10511 was published May 13, 2022

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote...
Critical | Unreviewed | CVE-2017-12905 was published May 13, 2022

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to...
Critical | Unreviewed | CVE-2019-4203 was published May 13, 2022

Moodle Blind SSRF Risk in /badges/mybackpack.php
Critical | CVE-2019-3809 was published for moodle/moodle (Composer) May 13, 2022

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted...
Critical | Unreviewed | CVE-2018-1789 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center...
Critical | Unreviewed | CVE-2018-0403 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0399 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0398 was published May 13, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
Critical | Unreviewed | CVE-2019-3905 was published May 14, 2022

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Critical | Unreviewed | CVE-2018-14728 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Critical | Unreviewed | CVE-2019-9174 was published May 14, 2022

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Critical | Unreviewed | CVE-2018-19601 was published May 14, 2022

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService...
Critical | Unreviewed | CVE-2019-8982 was published May 14, 2022