GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
510 advisories
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM)...
High
Unreviewed
CVE-2021-1272 was published May 24, 2022
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier)...
High
Unreviewed
CVE-2021-21009 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
High
Unreviewed
CVE-2020-24063 was published May 24, 2022
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An...
High
Unreviewed
CVE-2020-23776 was published May 24, 2022
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through...
High
Unreviewed
CVE-2020-24641 was published May 24, 2022
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for...
High
Unreviewed
CVE-2020-26032 was published May 24, 2022
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an...
High
Unreviewed
CVE-2020-26815 was published May 24, 2022
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an...
High
Unreviewed
CVE-2020-28043 was published May 24, 2022
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
High
Unreviewed
CVE-2020-15822 was published May 24, 2022
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the...
High
Unreviewed
CVE-2022-43140 was published Nov 17, 2022
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An...
High
Unreviewed
CVE-2022-45429 was published Dec 27, 2022
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ...
High
Unreviewed
CVE-2022-37041 was published Aug 13, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
High
Unreviewed
CVE-2022-1767 was published May 19, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
High
Unreviewed
CVE-2022-1723 was published May 18, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
High
Unreviewed
CVE-2022-1784 was published May 21, 2022
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
High
Unreviewed
CVE-2022-1711 was published May 18, 2022
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be...
High
Unreviewed
CVE-2022-28997 was published May 24, 2022
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access...
High
Unreviewed
CVE-2022-41412 was published Nov 30, 2022
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a...
High
Unreviewed
CVE-2016-7964 was published May 17, 2022
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP...
High
Unreviewed
CVE-2016-9752 was published May 17, 2022
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High
Unreviewed
CVE-2022-2352 was published Sep 27, 2022
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated...
High
Unreviewed
CVE-2016-4374 was published May 17, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High
Unreviewed
CVE-2022-31776 was published Aug 2, 2022
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High
Unreviewed
CVE-2017-5518 was published May 17, 2022
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High
Unreviewed
CVE-2017-7569 was published May 17, 2022