Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

284 advisories

Loading
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)... High Unreviewed
CVE-2022-3841 was published Jan 13, 2023
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)... High Unreviewed
CVE-2021-46107 was published Mar 18, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict... High Unreviewed
CVE-2022-27245 was published Mar 19, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). High Unreviewed
CVE-2021-44139 was published Mar 24, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14... High Unreviewed
CVE-2022-0136 was published Mar 29, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to... High Unreviewed
CVE-2022-1191 was published Apr 1, 2022
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact... High Unreviewed
CVE-2021-33581 was published Apr 1, 2022
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE... High Unreviewed
CVE-2022-0425 was published Apr 3, 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an... High Unreviewed
CVE-2022-22339 was published Apr 9, 2022
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an... High Unreviewed
CVE-2021-36202 was published Apr 8, 2022
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the... High Unreviewed
CVE-2022-27426 was published Apr 16, 2022
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed
CVE-2022-1037 was published Apr 19, 2022
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio... High Unreviewed
CVE-2022-1815 was published May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within... High Unreviewed
CVE-2021-40186 was published Jun 3, 2022
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might... High Unreviewed
CVE-2017-9355 was published May 17, 2022
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not... High Unreviewed
CVE-2022-1977 was published Jun 28, 2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the... High Unreviewed
CVE-2022-2339 was published Jul 8, 2022
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. High Unreviewed
CVE-2017-7566 was published May 17, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor... High Unreviewed
CVE-2022-22982 was published Jul 14, 2022
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server... High Unreviewed
CVE-2016-7999 was published May 17, 2022
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side... High Unreviewed
CVE-2017-6130 was published May 17, 2022
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF... High Unreviewed
CVE-2017-7569 was published May 17, 2022
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System... High Unreviewed
CVE-2016-9417 was published May 17, 2022
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF... High Unreviewed
CVE-2017-5518 was published May 17, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... High Unreviewed
CVE-2022-31776 was published Aug 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database