GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Critical
CVE-2024-28752
was published
for
org.apache.cxf:cxf-core
(Maven)
Mar 15, 2024
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Critical
CVE-2023-48910
was published
for
io.github.microcks:microcks
(Maven)
Dec 4, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
OpenAPI Generator vulnerable to Server-Side Request Forgery
Critical
CVE-2023-27162
was published
for
org.openapitools:openapi-generator-project
(Maven)
Mar 31, 2023
AWS SDK is vulnerable to server-side request forgery (SSRF)
Critical
CVE-2022-4725
was published
for
com.amazonaws:aws-android-sdk-mobile-client
(Maven)
Dec 27, 2022
Apache CXF Server-Side Request Forgery vulnerability
Critical
CVE-2022-46364
was published
for
org.apache.cxf:cxf-core
(Maven)
Dec 13, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical
CVE-2022-36663
was published
for
org.gluu:oxauth-common
(Maven)
Sep 7, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
WSO2 API Manager vulnerable to SSRF
Critical
CVE-2020-13226
was published
for
org.wso2.am:am-parent
(Maven)
May 24, 2022
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Critical
CVE-2019-18394
was published
for
org.igniterealtime.openfire:parent
(Maven)
May 24, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical
CVE-2022-0671
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
Critical
CVE-2019-10686
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Apr 18, 2019
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
ProTip!
Advisories are also available from the
GraphQL API