GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
423 advisories
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High | Unreviewed | CVE-2022-31776 was published Aug 2, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High | Unreviewed | CVE-2022-22982 was published Jul 14, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High | Unreviewed | CVE-2022-2339 was published Jul 8, 2022

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High | Unreviewed | CVE-2022-1977 was published Jun 28, 2022

NocoDB information disclosure vulnerability
High | CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022

Server-Side Request Forgery in Jodd HTTP
High | CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022

Server-Side Request Forgery in gogs webhook
High | CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host...
High | Unreviewed | CVE-2022-27780 was published Jun 3, 2022

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within...
High | Unreviewed | CVE-2021-40186 was published Jun 3, 2022

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio...
High | Unreviewed | CVE-2022-1815 was published May 26, 2022

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
High | Unreviewed | CVE-2022-29309 was published May 25, 2022

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was...
High | Unreviewed | CVE-2021-24150 was published May 24, 2022

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender...
High | Unreviewed | CVE-2021-3553 was published May 24, 2022

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for...
High | Unreviewed | CVE-2021-43562 was published May 24, 2022

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow...
High | Unreviewed | CVE-2021-29844 was published May 24, 2022

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index...
High | Unreviewed | CVE-2020-21649 was published May 24, 2022

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea...
High | Unreviewed | CVE-2021-39867 was published May 24, 2022

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118...
High | Unreviewed | CVE-2021-37104 was published May 24, 2022

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can...
High | Unreviewed | CVE-2021-41587 was published May 24, 2022

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can...
High | Unreviewed | CVE-2021-41586 was published May 24, 2022

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users...
High | Unreviewed | CVE-2021-23029 was published May 24, 2022

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews...
High | Unreviewed | CVE-2021-33705 was published May 24, 2022

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow...
High | Unreviewed | CVE-2021-28910 was published May 24, 2022

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
High | Unreviewed | CVE-2020-20341 was published May 24, 2022

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in...
High | Unreviewed | CVE-2021-22026 was published May 24, 2022