Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,161 advisories

Loading
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
SSRF attacks via tracebacks in Plone High
CVE-2020-28735 was published for Plone (pip) Apr 7, 2021
Server-side Request Forgery (SSRF) via img tags in reportlab High
CVE-2020-28463 was published for reportlab (pip) Mar 29, 2021
SSRF in Rendertron Moderate
CVE-2020-8902 was published for rendertron (npm) Mar 1, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
Server-side request forgery in CarrierWave Moderate
CVE-2021-21288 was published for carrierwave (RubyGems) Feb 8, 2021
chadwilken phosphore
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream High
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Server-Side Request Forgery in ftp-srv High
GHSA-r4m5-47cq-6qg8 was published for ftp-srv (npm) Sep 4, 2020
shermdog
Server-Side Request Forgery in html-pdf-chrome High
GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm) Sep 4, 2020
westy92
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Server-Side Request Forgery in ftp-srv Critical
CVE-2020-15152 was published for ftp-srv (npm) Aug 17, 2020
andreeleuterio trs
quiquelhappy
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
Server-Side Request Forgery in Hawt Hawtio Critical
CVE-2019-9827 was published for io.hawt:hawtio-core (Maven) Jul 5, 2019
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
Server-Side Request Forgery in terriajs-server High
GHSA-p72p-rjr2-r439 was published for terriajs-server (npm) May 29, 2019
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
ProTip! Advisories are also available from the GraphQL API