GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

229 advisories

Unauthenticated server side request forgery in HPE Serviceguard Manager Critical Unreviewed
CVE-2022-37938 was published Mar 1, 2023
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
OpenAPI Generator vulnerable to Server-Side Request Forgery Critical
CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023
Server side request forgery in gibbon Critical
CVE-2022-27311 was published for gibbon (RubyGems) Apr 26, 2022
Plsr
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url Critical
CVE-2022-2900 was published for parse-url (npm) Sep 15, 2022
allanlewis G-Rath
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
WSO2 API Manager vulnerable to SSRF Critical
CVE-2020-13226 was published for org.wso2.am:am-parent (Maven) May 24, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0766 was published for calibreweb (pip) Mar 8, 2022
Recurly gem Server-Side Request Forgery in Resource#find method Critical
CVE-2017-0905 was published for recurly (RubyGems) Dec 6, 2017
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo Critical
CVE-2019-10686 was published for com.ctrip.framework.apollo:apollo (Maven) Apr 18, 2019
Server-Side Request Forgery (SSRF) in vriteio/vrite Critical
CVE-2023-5572 was published for @vrite/sdk (npm) Oct 13, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
TorchServe Server-Side Request Forgery vulnerability Critical
CVE-2023-43654 was published for torchserve (pip) Oct 2, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
MLflow Server-Side Request Forgery (SSRF) Critical
CVE-2023-6974 was published for mlflow (pip) Dec 20, 2023