Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

362 advisories

Loading
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth... Moderate Unreviewed
CVE-2021-23927 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names... Moderate Unreviewed
CVE-2020-24700 was published May 24, 2022
** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is... Moderate Unreviewed
CVE-2020-35850 was published May 24, 2022
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the... Moderate Unreviewed
CVE-2019-14476 was published May 24, 2022
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8... Moderate Unreviewed
CVE-2020-24444 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28978 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28976 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28977 was published May 24, 2022
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019... Moderate Unreviewed
CVE-2020-24815 was published May 24, 2022
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27626 was published May 24, 2022
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27624 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server... Moderate Unreviewed
CVE-2020-27018 was published May 24, 2022
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an... Moderate Unreviewed
CVE-2020-26811 was published May 24, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave... Moderate Unreviewed
CVE-2020-7126 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Moderate Unreviewed
CVE-2020-15002 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430,... Moderate Unreviewed
CVE-2020-6308 was published May 24, 2022
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF... Moderate Unreviewed
CVE-2020-25820 was published May 24, 2022
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE:... Moderate Unreviewed
CVE-2020-16248 was published May 24, 2022
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,... Moderate Unreviewed
CVE-2020-6275 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may... Moderate Unreviewed
CVE-2020-4294 was published May 24, 2022
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service... Moderate Unreviewed
CVE-2020-11453 was published May 24, 2022
OX App Suite through 7.10.2 allows SSRF. Moderate Unreviewed
CVE-2019-18846 was published May 24, 2022
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the... Moderate Unreviewed
CVE-2019-20474 was published May 24, 2022
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local... Moderate Unreviewed
CVE-2020-8118 was published May 24, 2022
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery,... Moderate Unreviewed
CVE-2020-3938 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database