Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,206 advisories

Loading
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14... High Unreviewed
CVE-2022-0136 was published Mar 29, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a... Critical Unreviewed
CVE-2022-0249 was published Mar 29, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). High Unreviewed
CVE-2021-44139 was published Mar 24, 2022
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the... Critical Unreviewed
CVE-2022-0591 was published Mar 22, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between... Critical Unreviewed
CVE-2021-45967 was published Mar 19, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict... High Unreviewed
CVE-2022-27245 was published Mar 19, 2022
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)... High Unreviewed
CVE-2021-46107 was published Mar 18, 2022
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43954 was published Mar 15, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-39051 was published Mar 15, 2022
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for swagger-ui (npm) Mar 12, 2022
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0766 was published for calibreweb (pip) Mar 8, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube Critical
CVE-2022-0768 was published for rudloff/alltube (Composer) Mar 1, 2022
416e6e61
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Moderate Unreviewed
CVE-2022-24333 was published Feb 26, 2022
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-25260 was published Feb 26, 2022
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX Critical
CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
This vulnerability could allow an attacker to force the server to create and execute a web... Critical Unreviewed
CVE-2022-21215 was published Feb 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database