GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
389 advisories
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender...
High | Unreviewed | CVE-2021-3553 was published | May 24, 2022

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was...
High | Unreviewed | CVE-2021-24150 was published | May 24, 2022

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
High | Unreviewed | CVE-2022-29309 was published | May 25, 2022

4thline cling uPnP protocol issue can lead to denial of service
High | CVE-2020-23622 was published for org.fourthline.cling:cling-core (Maven) | Aug 16, 2022

Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1...
High | Unreviewed | CVE-2022-41609 was published | Nov 19, 2022

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS...
High | Unreviewed | CVE-2022-30579 was published | Sep 21, 2022

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers...
High | Unreviewed | CVE-2022-25026 was published | Jan 13, 2023

GeoServer allows SSRF via the option for setting a proxy host
High | CVE-2021-40822 was published for org.geoserver:gs-main (Maven) | May 3, 2022

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy...
High | Unreviewed | CVE-2022-1239 was published | May 3, 2022

ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High | CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) | May 3, 2022

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows...
High | Unreviewed | CVE-2019-17670 was published | May 24, 2022

Server-Side Request Forgery in scout-browser
High | CVE-2022-1592 was published for scout-browser (pip) | May 6, 2022

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an...
High | Unreviewed | CVE-2022-29847 was published | May 12, 2022

Server-Side Request Forgery in unoconv
High | CVE-2019-17400 was published for unoconv (pip) | Oct 24, 2019

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in...
High | Unreviewed | CVE-2018-13790 was published | May 13, 2022

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An...
High | Unreviewed | CVE-2022-42894 was published | Nov 17, 2022

Server-Side Forgery Request can be activated unmarshalling with XStream
High | CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) | Dec 21, 2020

Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
High | CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven) | May 13, 2021

Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High | CVE-2020-8128 was published for jsreport (npm) | Apr 13, 2021

Server-side request forgery (SSRF) in Apache XmlGraphics Commons
High | CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) | Feb 9, 2022

Authorization service vulnerable to DDos attacks in Apache CFX
High | CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) | May 13, 2021

Server-Side Request Forgery in Apache Solr
High | CVE-2021-27905 was published for org.apache.solr:solr-parent (Maven) | May 10, 2021

SSRF in Sydent due to missing validation of hostnames
High | CVE-2021-29431 was published for matrix-sydent (pip) | Apr 19, 2021

Server-Side Request Forgery in Spinnaker Orca
High | CVE-2020-9298 was published for com.netflix.spinnaker.orca:orca-core (Maven) | May 7, 2021