GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,107
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,102
npm 3,634
NuGet 638
pip 3,249
Pub 10
RubyGems 867
Rust 819
Swift 35

Unreviewed advisories

All unreviewed 228,572

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

167 advisories

Filter by severity

Sort by

Least recently updated

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed

CVE-2021-31531 was published May 24, 2022

When requests to the internal network for webhooks are enabled, a server-side request forgery... Critical Unreviewed

CVE-2021-22175 was published May 24, 2022

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to... Critical Unreviewed

CVE-2020-15377 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station... Critical Unreviewed

CVE-2021-33181 was published May 24, 2022

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of... Critical Unreviewed

CVE-2017-17674 was published May 24, 2022

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in... Critical Unreviewed

CVE-2021-29145 was published May 24, 2022

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function... Critical Unreviewed

CVE-2020-35313 was published May 24, 2022

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a... Critical Unreviewed

CVE-2021-1627 was published May 24, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed

CVE-2021-26855 was published May 24, 2022

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Critical Unreviewed

CVE-2021-27670 was published May 24, 2022

A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via... Critical Unreviewed

CVE-2020-23534 was published May 24, 2022

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary... Critical Unreviewed

CVE-2021-27329 was published May 24, 2022

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to... Critical Unreviewed

CVE-2021-27103 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in... Critical Unreviewed

CVE-2020-35205 was published May 24, 2022

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Critical Unreviewed

CVE-2020-35712 was published May 24, 2022

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender... Critical Unreviewed

CVE-2020-15297 was published May 24, 2022

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or... Critical Unreviewed

CVE-2020-24881 was published May 24, 2022

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely... Critical Unreviewed

CVE-2020-25466 was published May 24, 2022

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. Critical Unreviewed

CVE-2020-26948 was published May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can... Critical Unreviewed

CVE-2019-16948 was published May 24, 2022

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. Critical Unreviewed

CVE-2019-18355 was published May 24, 2022

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL... Critical Unreviewed

CVE-2019-17669 was published May 24, 2022

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. Critical Unreviewed

CVE-2019-13335 was published May 24, 2022

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json... Critical Unreviewed

CVE-2019-16932 was published May 24, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501... Critical Unreviewed

CVE-2019-6837 was published May 24, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

167 advisories