GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,783
Composer 4,757
Erlang 35
GitHub Actions 29
Go 2,327
Maven 5,611
npm 3,960
NuGet 712
pip 3,741
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,490

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

473 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. High Unreviewed

CVE-2022-1767 was published May 19, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. High Unreviewed

CVE-2022-1723 was published May 18, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. High Unreviewed

CVE-2022-1784 was published May 21, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. High Unreviewed

CVE-2022-1711 was published May 18, 2022

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be... High Unreviewed

CVE-2022-28997 was published May 24, 2022

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access... High Unreviewed

CVE-2022-41412 was published Nov 30, 2022

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a... High Unreviewed

CVE-2016-7964 was published May 17, 2022

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP... High Unreviewed

CVE-2016-9752 was published May 17, 2022

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation... High Unreviewed

CVE-2022-2352 was published Sep 27, 2022

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated... High Unreviewed

CVE-2016-4374 was published May 17, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... High Unreviewed

CVE-2022-31776 was published Aug 2, 2022

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF... High Unreviewed

CVE-2017-5518 was published May 17, 2022

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF... High Unreviewed

CVE-2017-7569 was published May 17, 2022

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side... High Unreviewed

CVE-2017-6130 was published May 17, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor... High Unreviewed

CVE-2022-22982 was published Jul 14, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the... High Unreviewed

CVE-2022-2339 was published Jul 8, 2022

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not... High Unreviewed

CVE-2022-1977 was published Jun 28, 2022

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within... High Unreviewed

CVE-2021-40186 was published Jun 3, 2022

Server-Side Request Forgery in Jodd HTTP High

CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio... High Unreviewed

CVE-2022-1815 was published May 26, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High

CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High

CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High

CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

Server-Side Request Forgery (SSRF) in Shopware High

CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed

CVE-2022-1037 was published Apr 19, 2022

Previous 1 2 … 15 16 17 18 19 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

473 advisories