GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
523 advisories
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file...
Moderate, Unreviewed, CVE-2021-28941 was published May 24, 2022

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and...
Moderate, Unreviewed, CVE-2020-14327 was published May 24, 2022

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One...
Moderate, Unreviewed, CVE-2021-25241 was published May 24, 2022

Vembu BDR Suite before 4.2.0 allows Unauthenticated SSRF via a GET request that specifies a...
Moderate, Unreviewed, CVE-2021-26474 was published May 24, 2022

OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
Moderate, Unreviewed, CVE-2020-28943 was published May 24, 2022

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The...
Moderate, Unreviewed, CVE-2020-21788 was published May 24, 2022

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0...
Moderate, Unreviewed, CVE-2020-36232 was published May 24, 2022

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request...
Moderate, Unreviewed, CVE-2021-20535 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery ...
Moderate, Unreviewed, CVE-2021-20345 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery ...
Moderate, Unreviewed, CVE-2021-20348 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery ...
Moderate, Unreviewed, CVE-2021-20346 was published May 24, 2022

A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF...
Moderate, Unreviewed, CVE-2021-22179 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology...
Moderate, Unreviewed, CVE-2021-34811 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before...
Moderate, Unreviewed, CVE-2021-34808 was published May 24, 2022

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote...
Moderate, Unreviewed, CVE-2021-28060 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery ...
Moderate, Unreviewed, CVE-2021-20343 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery ...
Moderate, Unreviewed, CVE-2021-20347 was published May 24, 2022

Server-Side Request Forgery in Apache Dubbo
Moderate, CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By...
Moderate, Unreviewed, CVE-2021-20483 was published May 24, 2022

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote...
Moderate, Unreviewed, CVE-2022-28117 was published Apr 29, 2022

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite...
Moderate, Unreviewed, CVE-2021-35209 was published May 24, 2022

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an...
Moderate, Unreviewed, CVE-2020-24141 was published May 24, 2022

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows...
Moderate, Unreviewed, CVE-2021-33213 was published May 24, 2022

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG...
Moderate, Unreviewed, CVE-2021-26699 was published May 24, 2022

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can...
Moderate, Unreviewed, CVE-2022-32457 was published Jul 21, 2022