GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
389 advisories
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact...
High | Unreviewed | CVE-2021-33581 was published Apr 1, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to...
High | Unreviewed | CVE-2022-1191 was published Apr 1, 2022
Server side request forgery in C1 CMS
High | CVE-2022-24789 was published for C1CMS.Assemblies (NuGet) Mar 30, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14...
High | Unreviewed | CVE-2022-0136 was published Mar 29, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
High | Unreviewed | CVE-2021-44139 was published Mar 24, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict...
High | Unreviewed | CVE-2022-27245 was published Mar 19, 2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)...
High | Unreviewed | CVE-2021-46107 was published Mar 18, 2022
Server-Side Request Forgery in FUXA
High | CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High | CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download
High | CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Incorrect Authorization in @uppy/companion
High | CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
SSRF in Kitodo.Presentation
High | CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request...
High | Unreviewed | CVE-2022-24129 was published Feb 10, 2022
Server-side request forgery (SSRF) in Apache Batik
High | CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons
High | CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022
Server-Side Request Forgery in Apache Traffic Control
High | CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station...
High | Unreviewed | CVE-2021-22821 was published Jan 29, 2022
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow...
High | Unreviewed | CVE-2022-22993 was published Jan 29, 2022
Server side request forgery in @isomorphic-git/cors-proxy
High | CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) Jan 26, 2022
Cross-site Scripting in HTML2PDF
High | CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
peertube is vulnerable to Server-Side Request Forgery (SSRF)
High | Unreviewed | CVE-2022-0132 was published Jan 11, 2022
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
High | CVE-2022-0086 was published for uppy (npm) Jan 6, 2022
Server-side request forgery (SSRF) in Apache Batik
High | CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3...
High | Unreviewed | CVE-2021-22056 was published Dec 21, 2021
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0...
High | Unreviewed | CVE-2021-22054 was published Dec 18, 2021