GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,126 advisories

Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream High
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Server-Side Request Forgery in ftp-srv High
GHSA-r4m5-47cq-6qg8 was published for ftp-srv (npm) Sep 4, 2020
shermdog
Server-Side Request Forgery in html-pdf-chrome High
GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm) Sep 4, 2020
westy92
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Server-Side Request Forgery in ftp-srv Critical
CVE-2020-15152 was published for ftp-srv (npm) Aug 17, 2020
andreeleuterio trs
quiquelhappy
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
Server-Side Request Forgery in Hawt Hawtio Critical
CVE-2019-9827 was published for io.hawt:hawtio-core (Maven) Jul 5, 2019
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
Server-Side Request Forgery in terriajs-server High
GHSA-p72p-rjr2-r439 was published for terriajs-server (npm) May 29, 2019
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo Critical
CVE-2019-10686 was published for com.ctrip.framework.apollo:apollo (Maven) Apr 18, 2019
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core High
CVE-2017-3164 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Recurly vulnerable to SSRF Critical
CVE-2017-0906 was published for recurly (pip) Jan 4, 2019
Server Side Request Forgery in svgSalamander High
CVE-2017-5617 was published for com.kitfox.svg:svg-salamander (Maven) Oct 19, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
High severity vulnerability that affects DotNetNuke.Core High
CVE-2017-0929 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
paperclip Server-Side Request Forgery vulnerability Critical
CVE-2017-0889 was published for paperclip (RubyGems) Jan 22, 2018