GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
479 advisories
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown...
High, Unreviewed: CVE-2023-1046 was published Feb 26, 2023

maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).
High, Unreviewed: CVE-2022-47872 was published Feb 2, 2023

Server-Side Request Forgery in Apache Traffic Control
High: CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request...
High, Unreviewed: CVE-2022-24129 was published Feb 10, 2022

A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow...
High, Unreviewed: CVE-2022-22993 was published Jan 29, 2022

A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station...
High, Unreviewed: CVE-2021-22821 was published Jan 29, 2022

Server side request forgery in @isomorphic-git/cors-proxy
High: CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) Jan 26, 2022

Cross-site Scripting in HTML2PDF
High: CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022

peertube is vulnerable to Server-Side Request Forgery (SSRF)
High, Unreviewed: CVE-2022-0132 was published Jan 11, 2022

uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
High: CVE-2022-0086 was published for uppy (npm) Jan 6, 2022

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET...
High, Unreviewed: CVE-2017-15644 was published May 17, 2022

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
High, Unreviewed: CVE-2017-1000139 was published May 17, 2022

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request...
High, Unreviewed: CVE-2022-1713 was published May 17, 2022

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP...
High, Unreviewed: CVE-2022-30049 was published May 16, 2022

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for...
High, Unreviewed: CVE-2017-14585 was published May 17, 2022

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote...
High, Unreviewed: CVE-2018-6029 was published May 14, 2022

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
High, Unreviewed: CVE-2018-7055 was published May 14, 2022

The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0...
High, Unreviewed: CVE-2017-18096 was published May 14, 2022

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by...
High, Unreviewed: CVE-2018-6186 was published May 14, 2022

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before...
High, Unreviewed: CVE-2017-6201 was published May 14, 2022

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side...
High, Unreviewed: CVE-2022-38298 was published Sep 13, 2022

** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the...
High, Unreviewed: CVE-2018-10220 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook...
High, Unreviewed: CVE-2018-1000553 was published May 14, 2022

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39,...
High, Unreviewed: CVE-2018-5752 was published May 14, 2022

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery...
High, Unreviewed: CVE-2018-5006 was published May 14, 2022