GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

52 advisories

Server-Side Request Forgery in terriajs-server High
GHSA-p72p-rjr2-r439 was published for terriajs-server (npm) May 29, 2019
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Server-Side Request Forgery in html-pdf-chrome High
GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm) Sep 4, 2020
westy92
RSSHub SSRF vulnerability High
CVE-2023-22493 was published for rsshub (npm) Jan 11, 2023
dwisiswant0
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Server-Side Request Forgery in kityminder Critical
CVE-2022-31830 was published for kityminder (npm) Jun 10, 2022
Server-Side Request Forgery in parse-url Critical
CVE-2022-2216 was published for parse-url (npm) Jun 28, 2022
Server-Side Request Forgery in Directus Moderate
CVE-2022-23080 was published for directus (npm) Jun 23, 2022
Server-Side Request Forgery in link-preview-js Moderate
CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022
jhutchings1
Server-Side Request Forgery in ftp-srv Critical
CVE-2020-15152 was published for ftp-srv (npm) Aug 17, 2020
andreeleuterio trs
quiquelhappy
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
SSRF in Rendertron Moderate
CVE-2020-8902 was published for rendertron (npm) Mar 1, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
Server-Side Request Forgery in node-pdf-generator High
CVE-2020-7740 was published for node-pdf-generator (npm) May 10, 2021
Server-Side Request Forgery in phantomjs-seo High
CVE-2020-7739 was published for phantomjs-seo (npm) May 10, 2021
Server-side request forgery in Ghost CMS Moderate
CVE-2020-8134 was published for ghost (npm) May 6, 2021
Server-Side Request Forgery in ssrf-agent Moderate
CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-0086 was published for uppy (npm) Jan 6, 2022
Haxatron
`undici.request` vulnerable to SSRF using absolute URL on `pathname` Moderate
CVE-2022-35949 was published for undici (npm) Aug 18, 2022
Haxatron
Server side request forgery in @isomorphic-git/cors-proxy High
CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) Jan 26, 2022
Server-Side Request Forgery in @peertube/embed-api Moderate
CVE-2022-0508 was published for @peertube/embed-api (npm) Feb 9, 2022
Directus vulnerable to Server-Side Request Forgery On File Import Moderate
CVE-2023-26492 was published for directus (npm) Mar 3, 2023
Ccamm votr123
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype
Dingjie-Daniel-Yang