Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on... Critical Unreviewed
CVE-2022-41552 was published Nov 1, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller... Critical Unreviewed
CVE-2022-42149 was published Oct 18, 2022
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF)... Critical Unreviewed
CVE-2022-41477 was published Oct 15, 2022
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url... Critical Unreviewed
CVE-2022-41497 was published Oct 14, 2022
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter... Critical Unreviewed
CVE-2022-41496 was published Oct 14, 2022
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the... Critical Unreviewed
CVE-2022-41495 was published Oct 14, 2022
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF)... Critical Unreviewed
CVE-2022-40357 was published Sep 21, 2022
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url Critical
CVE-2022-2900 was published for parse-url (npm) Sep 15, 2022
allanlewis G-Rath
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side... Critical Unreviewed
CVE-2022-38292 was published Sep 13, 2022
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate... Critical Unreviewed
CVE-2022-40305 was published Sep 10, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms... Critical Unreviewed
CVE-2021-27693 was published Sep 3, 2022
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the... Critical Unreviewed
CVE-2022-35583 was published Aug 23, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25801 was published Jul 15, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25800 was published Jul 15, 2022
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Server-Side Request Forgery in parse-url Critical
CVE-2022-2216 was published for parse-url (npm) Jun 28, 2022
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template... Critical Unreviewed
CVE-2022-32995 was published Jun 28, 2022
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery... Critical Unreviewed
CVE-2021-41403 was published Jun 16, 2022
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows... Critical Unreviewed
CVE-2021-40604 was published Jun 14, 2022
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function... Critical Unreviewed
CVE-2022-31827 was published Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31390 was published Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31393 was published Jun 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database