Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,419
Maven
5,000+
npm
4,055
NuGet
723
pip
3,847
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download Critical
CVE-2023-48910 was published for io.github.microcks:microcks (Maven) Dec 4, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
WPS Server Side Request Forgery vulnerability High
CVE-2023-43795 was published for org.geoserver.extension:gs-wps-core (Maven) Oct 24, 2023
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF Moderate
CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) Oct 24, 2023
thomsmith remsio-syn
us3r777 mprins
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
Presto JDBC Server-Side Request Forgery by nextUri High
GHSA-86q5-qcjc-7pv4 was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
Presto JDBC Server-Side Request Forgery by redirect High
GHSA-xm7x-f3w2-4hjm was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL Moderate
CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) Sep 6, 2023
W0rty oleg-nenashev
Mahoney tomakehurst
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials High
CVE-2023-41937 was published for io.jenkins.plugins:bitbucket-push-and-pull-request (Maven) Sep 6, 2023
Apache XML Graphics Batik Server-Side Request Forgery vulnerability High
CVE-2022-44729 was published for org.apache.xmlgraphics:batik-bridge (Maven) Aug 22, 2023
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
OpenRefine Server-Side Request Forgery vulnerability Moderate
CVE-2022-41401 was published for org.openrefine:main (Maven) Aug 4, 2023
PlantUML Server-Side Request Forgery vulnerability High
CVE-2023-3432 was published for net.sourceforge.plantuml:plantuml (Maven) Jun 27, 2023
mitchelkuijpers
OpenAPI Generator vulnerable to Server-Side Request Forgery Critical
CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023
Undertow client not checking server identity presented by server certificate in https connections Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023
fawind
AWS SDK is vulnerable to server-side request forgery (SSRF) Critical
CVE-2022-4725 was published for com.amazonaws:aws-android-sdk-mobile-client (Maven) Dec 27, 2022
Apache CXF Server-Side Request Forgery vulnerability Critical
CVE-2022-46364 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven) Nov 17, 2022
MarkLee131 achibear
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery Moderate
CVE-2022-23464 was published for com.nepxion:discovery (Maven) Sep 25, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database