Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

167 advisories

Loading
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability... Critical Unreviewed
CVE-2021-22049 was published Nov 25, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Critical Unreviewed
CVE-2021-40091 was published Dec 7, 2021
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to... Critical Unreviewed
CVE-2021-44659 was published Dec 23, 2021
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,... Critical Unreviewed
CVE-2021-42637 was published Feb 9, 2022
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user... Critical Unreviewed
CVE-2022-24568 was published Feb 11, 2022
This vulnerability could allow an attacker to force the server to create and execute a web... Critical Unreviewed
CVE-2022-21215 was published Feb 19, 2022
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-25260 was published Feb 26, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between... Critical Unreviewed
CVE-2021-45967 was published Mar 19, 2022
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the... Critical Unreviewed
CVE-2022-0591 was published Mar 22, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a... Critical Unreviewed
CVE-2022-0249 was published Mar 29, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0990 was published Apr 5, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0939 was published Apr 5, 2022
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to... Critical Unreviewed
CVE-2022-26499 was published Apr 16, 2022
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote... Critical Unreviewed
CVE-2021-36203 was published Apr 23, 2022
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ... Critical Unreviewed
CVE-2022-27429 was published Apr 26, 2022
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-27469 was published Apr 27, 2022
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF... Critical Unreviewed
CVE-2022-29556 was published Apr 29, 2022
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the... Critical Unreviewed
CVE-2019-3395 was published May 13, 2022
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to... Critical Unreviewed
CVE-2018-10511 was published May 13, 2022
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote... Critical Unreviewed
CVE-2017-12905 was published May 13, 2022
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to... Critical Unreviewed
CVE-2019-4203 was published May 13, 2022
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted... Critical Unreviewed
CVE-2018-1789 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center... Critical Unreviewed
CVE-2018-0403 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an... Critical Unreviewed
CVE-2018-0398 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an... Critical Unreviewed
CVE-2018-0399 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API