GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,868

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

294 advisories

Filter by severity

Sort by

Least recently updated

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app... High Unreviewed

CVE-2018-15895 was published May 14, 2022

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an... High Unreviewed

CVE-2018-16794 was published May 14, 2022

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability... High Unreviewed

CVE-2018-16793 was published May 14, 2022

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server... High Unreviewed

CVE-2018-2463 was published May 14, 2022

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url... High Unreviewed

CVE-2018-18867 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... High Unreviewed

CVE-2018-18646 was published May 14, 2022

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main... High Unreviewed

CVE-2019-5725 was published May 14, 2022

** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in... High Unreviewed

CVE-2018-20436 was published May 14, 2022

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to... High Unreviewed

CVE-2018-15517 was published May 14, 2022

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api... High Unreviewed

CVE-2018-15657 was published May 14, 2022

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,... High Unreviewed

CVE-2018-18569 was published May 14, 2022

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading... High Unreviewed

CVE-2017-9066 was published May 14, 2022

** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the... High Unreviewed

CVE-2017-16870 was published May 14, 2022

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and... High Unreviewed

CVE-2020-22983 was published May 14, 2022

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250... High Unreviewed

CVE-2018-7516 was published May 13, 2022

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint... High Unreviewed

CVE-2017-17697 was published May 13, 2022

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in... High Unreviewed

CVE-2018-13790 was published May 13, 2022

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an... High Unreviewed

CVE-2022-29847 was published May 12, 2022

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy... High Unreviewed

CVE-2022-1239 was published May 3, 2022

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use... High Unreviewed

CVE-2002-1484 was published Apr 30, 2022

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an... High Unreviewed

CVE-2004-2061 was published Apr 29, 2022

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed

CVE-2022-1037 was published Apr 19, 2022

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the... High Unreviewed

CVE-2022-27426 was published Apr 16, 2022

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an... High Unreviewed

CVE-2022-22339 was published Apr 9, 2022

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an... High Unreviewed

CVE-2021-36202 was published Apr 8, 2022

Previous 1 2 … 8 9 10 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

294 advisories