GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
362 advisories
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for...
High
Unreviewed
CVE-2019-12959 was published May 24, 2022
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1...
High
Unreviewed
CVE-2018-19571 was published May 24, 2022
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the...
High
Unreviewed
CVE-2019-9187 was published May 24, 2022
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal...
High
Unreviewed
CVE-2019-12161 was published May 24, 2022
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2,...
High
Unreviewed
CVE-2019-7652 was published May 24, 2022
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8...
High
Unreviewed
CVE-2019-9621 was published May 24, 2022
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be...
High
Unreviewed
CVE-2022-28997 was published May 24, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
High
Unreviewed
CVE-2022-1784 was published May 21, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
High
Unreviewed
CVE-2022-1767 was published May 19, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
High
Unreviewed
CVE-2022-1711 was published May 18, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
High
Unreviewed
CVE-2022-1723 was published May 18, 2022
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated...
High
Unreviewed
CVE-2016-4374 was published May 17, 2022
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a...
High
Unreviewed
CVE-2016-7964 was published May 17, 2022
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP...
High
Unreviewed
CVE-2016-9752 was published May 17, 2022
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High
Unreviewed
CVE-2017-5518 was published May 17, 2022
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High
Unreviewed
CVE-2016-9417 was published May 17, 2022
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High
Unreviewed
CVE-2017-7566 was published May 17, 2022
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side...
High
Unreviewed
CVE-2017-6130 was published May 17, 2022
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High
Unreviewed
CVE-2017-7569 was published May 17, 2022
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High
Unreviewed
CVE-2016-7999 was published May 17, 2022
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might...
High
Unreviewed
CVE-2017-9355 was published May 17, 2022
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2...
High
Unreviewed
CVE-2016-6483 was published May 17, 2022
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining...
High
Unreviewed
CVE-2016-4029 was published May 17, 2022
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET...
High
Unreviewed
CVE-2017-15644 was published May 17, 2022
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
High
Unreviewed
CVE-2017-1000139 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.