GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,766
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+
477 advisories
Filter by severity
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0...
High
Unreviewed
CVE-2021-22054
was published
Dec 18, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14...
High
Unreviewed
CVE-2021-39935
was published
Dec 14, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery ...
High
Unreviewed
CVE-2021-39057
was published
Dec 14, 2021
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted...
High
Unreviewed
CVE-2021-40809
was published
Dec 2, 2021
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
High
Unreviewed
CVE-2021-43296
was published
Dec 1, 2021
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of...
High
Unreviewed
CVE-2021-3552
was published
Nov 25, 2021
Server-Side Request Forgery vulnerability in concrete5
High
CVE-2021-22958
was published
for
concrete5/concrete5
(Composer)
Oct 12, 2021
Server-Side Request Forgery in UReport
High
CVE-2020-21122
was published
for
com.bstek.ureport:ureport2-console
(Maven)
Sep 20, 2021
Authenticated server-side request forgery in file upload via URL.
High
CVE-2021-37711
was published
for
shopware/core
(Composer)
Aug 23, 2021
Server-Side Request Forgery in phantomjs-seo
High
CVE-2020-7739
was published
for
phantomjs-seo
(npm)
May 10, 2021
Server-Side Request Forgery in node-pdf-generator
High
CVE-2020-7740
was published
for
node-pdf-generator
(npm)
May 10, 2021
Server-Side Request Forgery in Spinnaker Orca
High
CVE-2020-9298
was published
for
com.netflix.spinnaker.orca:orca-core
(Maven)
May 7, 2021
Server-Side Request Forgery in Apache Solr
High
CVE-2021-27905
was published
for
org.apache.solr:solr-parent
(Maven)
May 10, 2021
Authorization service vulnerable to DDos attacks in Apache CFX
High
CVE-2021-22696
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 13, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
High
CVE-2021-26715
was published
for
org.mitre:openid-connect-server
(Maven)
May 13, 2021
Server-side request forgery (SSRF) in Apache XmlGraphics Commons
High
CVE-2020-11988
was published
for
org.apache.xmlgraphics:xmlgraphics-commons
(Maven)
Feb 9, 2022
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An...
High
Unreviewed
CVE-2022-42894
was published
Nov 17, 2022
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in...
High
Unreviewed
CVE-2018-13790
was published
May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an...
High
Unreviewed
CVE-2022-29847
was published
May 12, 2022
Server-Side Request Forgery in scout-browser
High
CVE-2022-1592
was published
for
scout-browser
(pip)
May 6, 2022
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows...
High
Unreviewed
CVE-2019-17670
was published
May 24, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High
CVE-2022-25850
was published
for
github.com/hoppscotch/proxyscotch
(Go)
May 3, 2022
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy...
High
Unreviewed
CVE-2022-1239
was published
May 3, 2022
ProTip!
Advisories are also available from the
GraphQL API