GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
305 advisories
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0...
High | Unreviewed | CVE-2017-18096 was published May 14, 2022

** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the...
High | Unreviewed | CVE-2018-10220 was published May 14, 2022

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6...
High | Unreviewed | CVE-2016-6621 was published May 14, 2022

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39,...
High | Unreviewed | CVE-2018-5752 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook...
High | Unreviewed | CVE-2018-1000553 was published May 14, 2022

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery...
High | Unreviewed | CVE-2018-12809 was published May 14, 2022

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery...
High | Unreviewed | CVE-2018-5006 was published May 14, 2022

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability....
High | Unreviewed | CVE-2018-5004 was published May 14, 2022

An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote...
High | Unreviewed | CVE-2018-14858 was published May 14, 2022

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote...
High | Unreviewed | CVE-2015-7570 was published May 14, 2022

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
High | Unreviewed | CVE-2018-16409 was published May 14, 2022

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app...
High | Unreviewed | CVE-2018-15895 was published May 14, 2022

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an...
High | Unreviewed | CVE-2018-16794 was published May 14, 2022

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability...
High | Unreviewed | CVE-2018-16793 was published May 14, 2022

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server...
High | Unreviewed | CVE-2018-2463 was published May 14, 2022

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url...
High | Unreviewed | CVE-2018-18867 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before...
High | Unreviewed | CVE-2018-18646 was published May 14, 2022

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main...
High | Unreviewed | CVE-2019-5725 was published May 14, 2022

** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in...
High | Unreviewed | CVE-2018-20436 was published May 14, 2022

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to...
High | Unreviewed | CVE-2018-15517 was published May 14, 2022

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api...
High | Unreviewed | CVE-2018-15657 was published May 14, 2022

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,...
High | Unreviewed | CVE-2018-18569 was published May 14, 2022

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading...
High | Unreviewed | CVE-2017-9066 was published May 14, 2022

** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the...
High | Unreviewed | CVE-2017-16870 was published May 14, 2022

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and...
High | Unreviewed | CVE-2020-22983 was published May 14, 2022