GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
229 advisories
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via...
Critical · Unreviewed · CVE-2020-23534 was published May 24, 2022

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary...
Critical · Unreviewed · CVE-2021-27329 was published May 24, 2022

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to...
Critical · Unreviewed · CVE-2021-27103 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in...
Critical · Unreviewed · CVE-2020-35205 was published May 24, 2022

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Critical · Unreviewed · CVE-2020-35712 was published May 24, 2022

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender...
Critical · Unreviewed · CVE-2020-15297 was published May 24, 2022

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or...
Critical · Unreviewed · CVE-2020-24881 was published May 24, 2022

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely...
Critical · Unreviewed · CVE-2020-25466 was published May 24, 2022

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
Critical · Unreviewed · CVE-2020-26948 was published May 24, 2022

WSO2 API Manager vulnerable to SSRF
Critical · CVE-2020-13226 was published for org.wso2.am:am-parent (Maven) May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can...
Critical · Unreviewed · CVE-2019-16948 was published May 24, 2022

Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Critical · CVE-2019-18394 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
Critical · Unreviewed · CVE-2019-18355 was published May 24, 2022

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL...
Critical · Unreviewed · CVE-2019-17669 was published May 24, 2022

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Critical · Unreviewed · CVE-2019-13335 was published May 24, 2022

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json...
Critical · Unreviewed · CVE-2019-16932 was published May 24, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501...
Critical · Unreviewed · CVE-2019-6837 was published May 24, 2022

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This...
Critical · Unreviewed · CVE-2019-13020 was published May 24, 2022

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
Critical · Unreviewed · CVE-2019-15494 was published May 24, 2022

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
Critical · Unreviewed · CVE-2016-10927 was published May 24, 2022

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
Critical · Unreviewed · CVE-2016-10926 was published May 24, 2022

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for...
Critical · Unreviewed · CVE-2019-0345 was published May 24, 2022

A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote...
Critical · Unreviewed · CVE-2019-14255 was published May 24, 2022

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for...
Critical · Unreviewed · CVE-2019-12994 was published May 24, 2022

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400...
Critical · Unreviewed · CVE-2019-14704 was published May 24, 2022