GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
346 advisories
A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba...
Moderate | Unreviewed | CVE-2022-23668 was published May 17, 2022

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF)...
Moderate | Unreviewed | CVE-2017-7553 was published May 14, 2022

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management...
Moderate | Unreviewed | CVE-2017-16678 was published May 14, 2022

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the...
Moderate | Unreviewed | CVE-2017-16865 was published May 14, 2022

Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad...
Moderate | Unreviewed | CVE-2018-2370 was published May 14, 2022

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to...
Moderate | Unreviewed | CVE-2018-10174 was published May 14, 2022

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in...
Moderate | Unreviewed | CVE-2018-1999017 was published May 14, 2022

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow...
Moderate | Unreviewed | CVE-2016-3718 was published May 14, 2022

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure...
Moderate | Unreviewed | CVE-2016-4046 was published May 14, 2022

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request...
Moderate | Unreviewed | CVE-2018-19651 was published May 14, 2022

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Moderate | Unreviewed | CVE-2018-12609 was published May 14, 2022

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers...
Moderate | Unreviewed | CVE-2018-15516 was published May 14, 2022

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to...
Moderate | Unreviewed | CVE-2018-8801 was published May 14, 2022

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a...
Moderate | Unreviewed | CVE-2018-9920 was published May 14, 2022

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
Moderate | Unreviewed | CVE-2018-20528 was published May 14, 2022

OX App Suite 7.8.4 and earlier allows SSRF.
Moderate | Unreviewed | CVE-2018-13103 was published May 14, 2022

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and...
Moderate | Unreviewed | CVE-2017-9506 was published May 14, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
Moderate | Unreviewed | CVE-2017-3546 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x...
Moderate | Unreviewed | CVE-2017-11149 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0...
Moderate | Unreviewed | CVE-2017-11148 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station...
Moderate | Unreviewed | CVE-2017-12071 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0...
Moderate | Unreviewed | CVE-2017-15886 was published May 13, 2022

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote...
Moderate | Unreviewed | CVE-2017-18036 was published May 13, 2022

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch...
Moderate | Unreviewed | CVE-2017-6036 was published May 13, 2022

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series,...
Moderate | Unreviewed | CVE-2019-1679 was published May 13, 2022