GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Authenticated Server Side Request Forgery
Low
GHSA-8pfh-mm2g-hmc3
was published
for
shopware/core
(Composer)
Dec 21, 2020
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Server side request forgery in LiveHelperChat
High
CVE-2022-1213
was published
for
remdex/livehelperchat
(Composer)
Apr 6, 2022
Server-Side Request Forgery (SSRF) in Shopware
High
CVE-2022-24871
was published
for
shopware/core
(Composer)
Apr 22, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Critical
CVE-2022-36376
was published
for
rankmath/seo-by-rank-math
(Composer)
Sep 10, 2022
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Server-Side Request Forgery in dompdf/dompdf
Moderate
CVE-2022-0085
was published
for
dompdf/dompdf
(Composer)
Jun 29, 2022
Server-Side Request Forgery in yoast_seo
Moderate
CVE-2021-31779
was published
for
yoast-seo-for-typo3/yoast_seo
(Composer)
May 21, 2021
Authenticated server-side request forgery in file upload via URL.
High
CVE-2021-37711
was published
for
shopware/core
(Composer)
Aug 23, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22969
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Server-Side Request Forgery vulnerability in concrete5
High
CVE-2021-22958
was published
for
concrete5/concrete5
(Composer)
Oct 12, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22970
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical
CVE-2017-20157
was published
for
arc/web
(Composer)
Dec 31, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
Moodle vulnerable to Server-Side Request Forgery
High
CVE-2021-36396
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Appwrite Server-Side Request Forgery vulnerability
High
CVE-2023-27159
was published
for
appwrite/server-ce
(Composer)
Mar 31, 2023
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
Server-Side Request Forgery in Feehi CMS
Critical
CVE-2021-30108
was published
for
feehi/cms
(Composer)
Jun 8, 2021
SSRF in Kitodo.Presentation
High
CVE-2022-24980
was published
for
kitodo/presentation
(Composer)
Feb 20, 2022
Shopware vulnerable to SSRF
High
CVE-2020-13970
was published
for
shopware/platform
(Composer)
May 24, 2022
phpThumb is vulnerable to Server-Side Request Forgery (SSRF)
Moderate
CVE-2013-6919
was published
for
james-heinrich/phpthumb
(Composer)
May 17, 2022
Moodle SSRF Vulnerability
Moderate
CVE-2018-1042
was published
for
moodle/moodle
(Composer)
May 14, 2022
Server-Side Request Forgery in snipe/snipe-it
High
CVE-2021-4075
was published
for
snipe/snipe-it
(Composer)
Dec 10, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Moderate
CVE-2018-7667
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
ProTip!
Advisories are also available from the
GraphQL API