GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
225 advisories
Server-Side Request Forgery in private-ip (Critical): CVE-2020-28360 was published for private-ip (npm), Apr 13, 2021
Server-Side Request Forgery in ftp-srv (Critical): CVE-2020-15152 was published for ftp-srv (npm), Aug 17, 2020
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote... (Critical, Unreviewed): CVE-2017-12905 was published May 13, 2022
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend... (Critical, Unreviewed): CVE-2022-40296 was published Nov 1, 2022
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to... (Critical, Unreviewed): CVE-2018-10511 was published May 13, 2022
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when... (Critical, Unreviewed): CVE-2022-35508 was published Dec 4, 2022
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the... (Critical, Unreviewed): CVE-2019-3395 was published May 13, 2022
Server-Side Request Forgery in Hawt Hawtio (Critical): CVE-2019-9827 was published for io.hawt:hawtio-core (Maven), Jul 5, 2019
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request... (Critical, Unreviewed): CVE-2022-38708 was published Dec 19, 2022
Apache CXF Server-Side Request Forgery vulnerability (Critical): CVE-2022-46364 was published for org.apache.cxf:cxf-core (Maven), Dec 13, 2022
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF)... (Critical, Unreviewed): CVE-2022-40357 was published Sep 21, 2022
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to... (Critical, Unreviewed): CVE-2019-4203 was published May 13, 2022
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate... (Critical, Unreviewed): CVE-2022-40305 was published Sep 10, 2022
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability,... (Critical, Unreviewed): CVE-2021-39303 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. (Critical, Unreviewed): CVE-2021-42091 was published May 24, 2022
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index... (Critical, Unreviewed): CVE-2020-21653 was published May 24, 2022
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. (Critical, Unreviewed): CVE-2021-37419 was published May 24, 2022
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver... (Critical, Unreviewed): CVE-2021-33690 was published May 24, 2022
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger... (Critical, Unreviewed): CVE-2021-39497 was published May 24, 2022
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in... (Critical, Unreviewed): CVE-2021-37353 was published May 24, 2022
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have... (Critical, Unreviewed): CVE-2021-24472 was published May 24, 2022
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and... (Critical, Unreviewed): CVE-2021-29102 was published May 24, 2022
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1... (Critical, Unreviewed): CVE-2020-24148 was published May 24, 2022
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3... (Critical, Unreviewed): CVE-2020-24142 was published May 24, 2022
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... (Critical, Unreviewed): CVE-2021-31531 was published May 24, 2022