GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
697 advisories
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of...
Moderate
Unreviewed
CVE-2020-17386 was published May 24, 2022
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE:...
Moderate
Unreviewed
CVE-2020-16248 was published May 24, 2022
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,...
Moderate
Unreviewed
CVE-2020-6275 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may...
Moderate
Unreviewed
CVE-2020-4294 was published May 24, 2022
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service...
Moderate
Unreviewed
CVE-2020-11453 was published May 24, 2022
OX App Suite through 7.10.2 allows SSRF.
Moderate
Unreviewed
CVE-2019-18846 was published May 24, 2022
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the...
Moderate
Unreviewed
CVE-2019-20474 was published May 24, 2022
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local...
Moderate
Unreviewed
CVE-2020-8118 was published May 24, 2022
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery,...
Moderate
Unreviewed
CVE-2020-3938 was published May 24, 2022
LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in...
Moderate
Unreviewed
CVE-2019-20055 was published May 24, 2022
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
Moderate
Unreviewed
CVE-2019-14225 was published May 24, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can...
Moderate
Unreviewed
CVE-2019-15021 was published May 24, 2022
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture...
Moderate
Unreviewed
CVE-2019-15164 was published May 24, 2022
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow...
Moderate
Unreviewed
CVE-2019-4262 was published May 24, 2022
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote...
Moderate
Unreviewed
CVE-2019-8451 was published May 24, 2022
In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows...
Moderate
Unreviewed
CVE-2019-12996 was published May 24, 2022
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the...
Moderate
Unreviewed
CVE-2019-7616 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before...
Moderate
Unreviewed
CVE-2018-19495 was published May 24, 2022
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway...
Moderate
Unreviewed
CVE-2019-1872 was published May 24, 2022
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
Moderate
Unreviewed
CVE-2019-6981 was published May 24, 2022
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application...
Moderate
Unreviewed
CVE-2019-6516 was published May 24, 2022
phpBB Server side request forgery (SSRF)
Moderate
CVE-2019-11767 was published for phpbb/phpbb (Composer) May 24, 2022
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to...
Moderate
Unreviewed
CVE-2010-1637 was published May 17, 2022
phpThumb is vulnerable to Server-Side Request Forgery (SSRF)
Moderate
CVE-2013-6919 was published for james-heinrich/phpthumb (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API