GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,204
Composer 4,097
Erlang 29
GitHub Actions 19
Go 1,925
Maven 5,117
npm 3,657
NuGet 638
pip 3,264
Pub 10
RubyGems 873
Rust 823
Swift 35

Unreviewed advisories

All unreviewed 229,347

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

170 advisories

Filter by severity

Sort by

Least recently updated

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side... Critical Unreviewed

CVE-2022-38292 was published Sep 13, 2022

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate... Critical Unreviewed

CVE-2022-40305 was published Sep 10, 2022

Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms... Critical Unreviewed

CVE-2021-27693 was published Sep 3, 2022

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the... Critical Unreviewed

CVE-2022-35583 was published Aug 23, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed

CVE-2022-25801 was published Jul 15, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed

CVE-2022-25800 was published Jul 15, 2022

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template... Critical Unreviewed

CVE-2022-32995 was published Jun 28, 2022

flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery... Critical Unreviewed

CVE-2021-41403 was published Jun 16, 2022

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows... Critical Unreviewed

CVE-2021-40604 was published Jun 14, 2022

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function... Critical Unreviewed

CVE-2022-31827 was published Jun 10, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed

CVE-2022-31390 was published Jun 10, 2022

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows... Critical Unreviewed

CVE-2022-31386 was published Jun 10, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed

CVE-2022-31393 was published Jun 10, 2022

The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability,... Critical Unreviewed

CVE-2021-39303 was published May 24, 2022

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed

CVE-2021-27561 was published May 24, 2022

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index... Critical Unreviewed

CVE-2020-21653 was published May 24, 2022

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. Critical Unreviewed

CVE-2021-42091 was published May 24, 2022

ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Critical Unreviewed

CVE-2021-37419 was published May 24, 2022

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen... Critical Unreviewed

CVE-2021-40438 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver... Critical Unreviewed

CVE-2021-33690 was published May 24, 2022

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger... Critical Unreviewed

CVE-2021-39497 was published May 24, 2022

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in... Critical Unreviewed

CVE-2021-37353 was published May 24, 2022

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have... Critical Unreviewed

CVE-2021-24472 was published May 24, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed

CVE-2021-34473 was published May 24, 2022

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and... Critical Unreviewed

CVE-2021-29102 was published May 24, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

170 advisories