GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
170 advisories
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side...
Critical, Unreviewed. CVE-2022-38292 was published Sep 13, 2022

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate...
Critical, Unreviewed. CVE-2022-40305 was published Sep 10, 2022

Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms...
Critical, Unreviewed. CVE-2021-27693 was published Sep 3, 2022

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the...
Critical, Unreviewed. CVE-2022-35583 was published Aug 23, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical, Unreviewed. CVE-2022-25801 was published Jul 15, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical, Unreviewed. CVE-2022-25800 was published Jul 15, 2022

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template...
Critical, Unreviewed. CVE-2022-32995 was published Jun 28, 2022

flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery...
Critical, Unreviewed. CVE-2021-41403 was published Jun 16, 2022

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows...
Critical, Unreviewed. CVE-2021-40604 was published Jun 14, 2022

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function...
Critical, Unreviewed. CVE-2022-31827 was published Jun 10, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Critical, Unreviewed. CVE-2022-31390 was published Jun 10, 2022

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows...
Critical, Unreviewed. CVE-2022-31386 was published Jun 10, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Critical, Unreviewed. CVE-2022-31393 was published Jun 10, 2022

The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability,...
Critical, Unreviewed. CVE-2021-39303 was published May 24, 2022

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1...
Critical, Unreviewed. CVE-2021-27561 was published May 24, 2022

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index...
Critical, Unreviewed. CVE-2020-21653 was published May 24, 2022

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
Critical, Unreviewed. CVE-2021-42091 was published May 24, 2022

ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
Critical, Unreviewed. CVE-2021-37419 was published May 24, 2022

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen...
Critical, Unreviewed. CVE-2021-40438 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver...
Critical, Unreviewed. CVE-2021-33690 was published May 24, 2022

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger...
Critical, Unreviewed. CVE-2021-39497 was published May 24, 2022

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in...
Critical, Unreviewed. CVE-2021-37353 was published May 24, 2022

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have...
Critical, Unreviewed. CVE-2021-24472 was published May 24, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021...
Critical, Unreviewed. CVE-2021-34473 was published May 24, 2022

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and...
Critical, Unreviewed. CVE-2021-29102 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.