GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,161 advisories
Server-Side Request Forgery in parse-url
Critical | CVE-2022-2216 was published for parse-url (npm) Jun 28, 2022

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Moderate | Unreviewed | CVE-2022-34011 was published Jun 24, 2022

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request...
Moderate | Unreviewed | CVE-2021-20544 was published Jun 25, 2022

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated...
Moderate | Unreviewed | CVE-2022-26135 was published Jul 1, 2022

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template...
Critical | Unreviewed | CVE-2022-32995 was published Jun 28, 2022

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to...
Moderate | Unreviewed | CVE-2017-10973 was published May 17, 2022

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High | Unreviewed | CVE-2022-1977 was published Jun 28, 2022

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Moderate | Unreviewed | CVE-2022-34013 was published Jun 24, 2022

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request...
Moderate | Unreviewed | CVE-2021-20421 was published Jun 25, 2022

Server-Side Request Forgery in Directus
Moderate | CVE-2022-23080 was published for directus (npm) Jun 23, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High | Unreviewed | CVE-2022-2339 was published Jul 8, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular...
Critical | Unreviewed | CVE-2017-8794 was published May 17, 2022

Server-Side Request Forgery in link-preview-js
Moderate | CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This...
Moderate | Unreviewed | CVE-2017-20106 was published Jun 29, 2022

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to...
Moderate | Unreviewed | CVE-2017-9307 was published May 17, 2022

Insufficient user input in Apache Jetspeed-2
Critical | CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical | Unreviewed | CVE-2022-25801 was published Jul 15, 2022

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High | Unreviewed | CVE-2017-7566 was published May 17, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High | Unreviewed | CVE-2022-22982 was published Jul 14, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical | Unreviewed | CVE-2022-25800 was published Jul 15, 2022

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High | Unreviewed | CVE-2016-7999 was published May 17, 2022

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side...
High | Unreviewed | CVE-2017-6130 was published May 17, 2022

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server...
Moderate | Unreviewed | CVE-2022-22416 was published Jul 20, 2022

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High | Unreviewed | CVE-2017-7569 was published May 17, 2022

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from...
Low | Unreviewed | CVE-2016-6001 was published May 17, 2022