GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
225 advisories
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9,...
Critical
Unreviewed
CVE-2018-18843 was published May 14, 2022
** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML,...
Critical
Unreviewed
CVE-2018-19047 was published May 14, 2022
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data,...
Critical
Unreviewed
CVE-2018-18753 was published May 14, 2022
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
Critical
Unreviewed
CVE-2018-16444 was published May 14, 2022
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to...
Critical
Unreviewed
CVE-2018-2445 was published May 14, 2022
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read...
Critical
Unreviewed
CVE-2018-14514 was published May 14, 2022
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows...
Critical
Unreviewed
CVE-2018-12571 was published May 14, 2022
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an...
Critical
Unreviewed
CVE-2018-12678 was published May 14, 2022
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI,...
Critical
Unreviewed
CVE-2018-11031 was published May 14, 2022
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which...
Critical
Unreviewed
CVE-2018-9919 was published May 14, 2022
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious...
Critical
Unreviewed
CVE-2018-8939 was published May 14, 2022
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5...
Critical
Unreviewed
CVE-2018-9302 was published May 14, 2022
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary...
Critical
Unreviewed
CVE-2017-14611 was published May 14, 2022
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1...
Critical
Unreviewed
CVE-2017-14323 was published May 14, 2022
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain...
Critical
Unreviewed
CVE-2017-16614 was published May 14, 2022
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of...
Critical
Unreviewed
CVE-2018-1000138 was published May 14, 2022
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can...
Critical
Unreviewed
CVE-2022-1379 was published May 15, 2022
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a...
Critical
Unreviewed
CVE-2022-1386 was published May 17, 2022
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request...
Critical
Unreviewed
CVE-2017-11291 was published May 17, 2022
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the...
Critical
Unreviewed
CVE-2017-1000237 was published May 17, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular...
Critical
Unreviewed
CVE-2017-8794 was published May 17, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s...
Critical
Unreviewed
CVE-2022-28616 was published May 18, 2022
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress...
Critical
Unreviewed
CVE-2019-11565 was published May 24, 2022
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request...
Critical
Unreviewed
CVE-2019-11066 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API