Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

229 advisories

Loading
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability,... Critical Unreviewed
CVE-2021-39303 was published May 24, 2022
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed
CVE-2021-27561 was published May 24, 2022
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index... Critical Unreviewed
CVE-2020-21653 was published May 24, 2022
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. Critical Unreviewed
CVE-2021-42091 was published May 24, 2022
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Critical Unreviewed
CVE-2021-37419 was published May 24, 2022
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen... Critical Unreviewed
CVE-2021-40438 was published May 24, 2022
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver... Critical Unreviewed
CVE-2021-33690 was published May 24, 2022
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger... Critical Unreviewed
CVE-2021-39497 was published May 24, 2022
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in... Critical Unreviewed
CVE-2021-37353 was published May 24, 2022
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have... Critical Unreviewed
CVE-2021-24472 was published May 24, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed
CVE-2021-34473 was published May 24, 2022
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and... Critical Unreviewed
CVE-2021-29102 was published May 24, 2022
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3... Critical Unreviewed
CVE-2020-24142 was published May 24, 2022
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1... Critical Unreviewed
CVE-2020-24147 was published May 24, 2022
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1... Critical Unreviewed
CVE-2020-24148 was published May 24, 2022
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed
CVE-2021-31531 was published May 24, 2022
When requests to the internal network for webhooks are enabled, a server-side request forgery... Critical Unreviewed
CVE-2021-22175 was published May 24, 2022
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to... Critical Unreviewed
CVE-2020-15377 was published May 24, 2022
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station... Critical Unreviewed
CVE-2021-33181 was published May 24, 2022
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of... Critical Unreviewed
CVE-2017-17674 was published May 24, 2022
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in... Critical Unreviewed
CVE-2021-29145 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function... Critical Unreviewed
CVE-2020-35313 was published May 24, 2022
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a... Critical Unreviewed
CVE-2021-1627 was published May 24, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed
CVE-2021-26855 was published May 24, 2022
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Critical Unreviewed
CVE-2021-27670 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database