GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
229 advisories
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1...
Critical | Unreviewed | CVE-2017-14323 was published May 14, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501...
Critical | Unreviewed | CVE-2019-6837 was published May 24, 2022

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an...
Critical | Unreviewed | CVE-2018-12678 was published May 14, 2022

A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which...
Critical | Unreviewed | CVE-2018-9919 was published May 14, 2022

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5...
Critical | Unreviewed | CVE-2018-9302 was published May 14, 2022

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary...
Critical | Unreviewed | CVE-2017-14611 was published May 14, 2022

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of...
Critical | Unreviewed | CVE-2018-1000138 was published May 14, 2022

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI,...
Critical | Unreviewed | CVE-2018-11031 was published May 14, 2022

SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain...
Critical | Unreviewed | CVE-2017-16614 was published May 14, 2022

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side...
Critical | Unreviewed | CVE-2022-38292 was published Sep 13, 2022

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can...
Critical | Unreviewed | CVE-2022-1379 was published May 15, 2022

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request...
Critical | Unreviewed | CVE-2017-11291 was published May 17, 2022

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the...
Critical | Unreviewed | CVE-2017-1000237 was published May 17, 2022

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
Critical | Unreviewed | CVE-2020-26948 was published May 24, 2022

AWS SDK is vulnerable to server-side request forgery (SSRF)
Critical | CVE-2022-4725 was published for com.amazonaws:aws-android-sdk-mobile-client (Maven) Dec 27, 2022

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery ...
Critical | Unreviewed | CVE-2022-40842 was published Nov 22, 2022

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,...
Critical | Unreviewed | CVE-2021-42637 was published Feb 9, 2022

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user...
Critical | Unreviewed | CVE-2022-24568 was published Feb 11, 2022

This vulnerability could allow an attacker to force the server to create and execute a web...
Critical | Unreviewed | CVE-2022-21215 was published Feb 19, 2022

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-25260 was published Feb 26, 2022

Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical | CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side...
Critical | Unreviewed | CVE-2022-46998 was published Jan 26, 2023

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL...
Critical | Unreviewed | CVE-2019-17669 was published May 24, 2022

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
Critical | Unreviewed | CVE-2023-23560 was published Jan 23, 2023

Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
Critical | Unreviewed | CVE-2022-46973 was published Mar 4, 2023