Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Server side request forgery in C1 CMS High
CVE-2022-24789 was published for C1CMS.Assemblies (NuGet) Mar 30, 2022
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons High
CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022
Server-Side Request Forgery in Apache Traffic Control High
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
Server side request forgery in @isomorphic-git/cors-proxy High
CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) Jan 26, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-0086 was published for uppy (npm) Jan 6, 2022
Haxatron
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Server-Side Request Forgery in snipe/snipe-it High
CVE-2021-4075 was published for snipe/snipe-it (Composer) Dec 10, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021
Server-Side Request Forgery in UReport High
CVE-2020-21122 was published for com.bstek.ureport:ureport2-console (Maven) Sep 20, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Authenticated server-side request forgery in file upload via URL. High
CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021
Server-Side Request Forgery in Plone High
CVE-2021-33511 was published for Plone (pip) Jun 15, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Authorization service vulnerable to DDos attacks in Apache CFX High
CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) May 13, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server High
CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven) May 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database