GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
389 advisories
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An...
High | Unreviewed | CVE-2022-42894 was published Nov 17, 2022

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application...
High | Unreviewed | CVE-2022-20958 was published Nov 4, 2022

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up...
High | Unreviewed | CVE-2022-3708 was published Oct 29, 2022

Apache XML Graphics Batik vulnerable to code execution via SVG.
High | CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022

Untrusted code execution in Apache XML Graphics Batik
High | CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could...
High | Unreviewed | CVE-2022-36451 was published Oct 25, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability.
High | Unreviewed | CVE-2022-41040 was published Oct 4, 2022

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
High | CVE-2022-36551 was published for label-studio (pip) Oct 4, 2022

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High | Unreviewed | CVE-2022-2352 was published Sep 27, 2022

Apache Batik vulnerable to Server-Side Request Forgery
High | CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4...
High | Unreviewed | CVE-2022-38931 was published Sep 21, 2022

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS...
High | Unreviewed | CVE-2022-30579 was published Sep 21, 2022

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side...
High | Unreviewed | CVE-2022-38298 was published Sep 13, 2022

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and...
High | Unreviewed | CVE-2022-2633 was published Sep 7, 2022

4thline cling uPnP protocol issue can lead to denial of service
High | CVE-2020-23622 was published for org.fourthline.cling:cling-core (Maven) Aug 16, 2022

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ...
High | Unreviewed | CVE-2022-37041 was published Aug 13, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High | Unreviewed | CVE-2022-31776 was published Aug 2, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High | Unreviewed | CVE-2022-22982 was published Jul 14, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High | Unreviewed | CVE-2022-2339 was published Jul 8, 2022

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High | Unreviewed | CVE-2022-1977 was published Jun 28, 2022

NocoDB information disclosure vulnerability
High | CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022

Server-Side Request Forgery in Jodd HTTP
High | CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022

Server-Side Request Forgery in gogs webhook
High | CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host...
High | Unreviewed | CVE-2022-27780 was published Jun 3, 2022

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within...
High | Unreviewed | CVE-2021-40186 was published Jun 3, 2022