Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

225 advisories

Loading
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. Critical Unreviewed
CVE-2021-42091 was published May 24, 2022
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index... Critical Unreviewed
CVE-2020-21653 was published May 24, 2022
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability,... Critical Unreviewed
CVE-2021-39303 was published May 24, 2022
Server-Side Request Forgery in charm Critical
CVE-2022-29180 was published for github.com/charmbracelet/charm (Go) May 24, 2022
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows... Critical Unreviewed
CVE-2022-31386 was published Jun 10, 2022
Server-Side Request Forgery in kityminder Critical
CVE-2022-31830 was published for kityminder (npm) Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31393 was published Jun 10, 2022
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function... Critical Unreviewed
CVE-2022-31827 was published Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31390 was published Jun 10, 2022
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows... Critical Unreviewed
CVE-2021-40604 was published Jun 14, 2022
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery... Critical Unreviewed
CVE-2021-41403 was published Jun 16, 2022
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template... Critical Unreviewed
CVE-2022-32995 was published Jun 28, 2022
Server-Side Request Forgery in parse-url Critical
CVE-2022-2216 was published for parse-url (npm) Jun 28, 2022
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25800 was published Jul 15, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25801 was published Jul 15, 2022
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the... Critical Unreviewed
CVE-2022-35583 was published Aug 23, 2022
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms... Critical Unreviewed
CVE-2021-27693 was published Sep 3, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate... Critical Unreviewed
CVE-2022-40305 was published Sep 10, 2022
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side... Critical Unreviewed
CVE-2022-38292 was published Sep 13, 2022
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url Critical
CVE-2022-2900 was published for parse-url (npm) Sep 15, 2022
allanlewis G-Rath
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF)... Critical Unreviewed
CVE-2022-40357 was published Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database