GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,161 advisories
Filter by severity
Recurly gem Server-Side Request Forgery in Resource#find method
Critical
CVE-2017-0905
was published
for
recurly
(RubyGems)
Dec 6, 2017
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
High severity vulnerability that affects DotNetNuke.Core
High
CVE-2017-0929
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Critical severity vulnerability that affects recurly-api-client
Critical
CVE-2017-0907
was published
for
recurly-api-client
(NuGet)
Oct 16, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
High
CVE-2017-5643
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Server Side Request Forgery in svgSalamander
High
CVE-2017-5617
was published
for
com.kitfox.svg:svg-salamander
(Maven)
Oct 19, 2018
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
High
CVE-2017-3164
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
Critical
CVE-2019-10686
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Apr 18, 2019
Server Side Request Forgery in Apache Axis
High
CVE-2019-0227
was published
for
axis:axis
(Maven)
May 14, 2019
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
ruby-openid SSRF via claimed_id request
Critical
CVE-2019-11027
was published
for
ruby-openid
(RubyGems)
Jun 13, 2019
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
Server-Side Request Forgery in unoconv
High
CVE-2019-17400
was published
for
unoconv
(pip)
Oct 24, 2019
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8205
was published
for
@uppy/companion
(npm)
Aug 13, 2020
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8135
was published
for
@uppy/companion
(npm)
Sep 3, 2020
Server-Side Request Forgery in html-pdf-chrome
High
GHSA-5p98-wpc9-g498
was published
for
html-pdf-chrome
(npm)
Sep 4, 2020
Server-Side Request Forgery in ftp-srv
High
GHSA-r4m5-47cq-6qg8
was published
for
ftp-srv
(npm)
Sep 4, 2020
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream
High
CVE-2020-26258
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
ProTip!
Advisories are also available from the
GraphQL API