Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

362 advisories

Loading
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36327 was published Dec 1, 2021
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2021-29863 was published Dec 2, 2021
An information disclosure via GET request server-side request forgery vulnerability was... Moderate Unreviewed
CVE-2021-37940 was published Dec 8, 2021
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows)... Moderate Unreviewed
CVE-2021-34425 was published Dec 15, 2021
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when... Moderate Unreviewed
CVE-2022-22702 was published Jan 11, 2022
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview... Moderate Unreviewed
CVE-2021-41809 was published Jan 19, 2022
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between... Moderate Unreviewed
CVE-2021-39927 was published Jan 19, 2022
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36349 was published Jan 25, 2022
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Moderate Unreviewed
CVE-2022-24333 was published Feb 26, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-39051 was published Mar 15, 2022
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43954 was published Mar 15, 2022
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Moderate Unreviewed
CVE-2022-27907 was published Mar 31, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14... Moderate Unreviewed
CVE-2022-1188 was published Apr 5, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting... Moderate Unreviewed
CVE-2020-27375 was published Apr 8, 2022
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Moderate Unreviewed
CVE-2007-6758 was published Apr 21, 2022
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote... Moderate Unreviewed
CVE-2022-28117 was published Apr 29, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use the... Moderate Unreviewed
CVE-2022-29942 was published May 5, 2022
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext... Moderate Unreviewed
CVE-2022-28090 was published May 5, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29848 was published May 12, 2022
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7... Moderate Unreviewed
CVE-2018-13404 was published May 13, 2022
The configuration file import for applications, spyware and vulnerability objects functionality... Moderate Unreviewed
CVE-2017-15943 was published May 13, 2022
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series,... Moderate Unreviewed
CVE-2019-1679 was published May 13, 2022
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch... Moderate Unreviewed
CVE-2017-6036 was published May 13, 2022
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote... Moderate Unreviewed
CVE-2017-18036 was published May 13, 2022
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0... Moderate Unreviewed
CVE-2017-15886 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database