GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Critical severity vulnerability that affects recurly-api-client
Critical
CVE-2017-0907
was published
for
recurly-api-client
(NuGet)
Oct 16, 2018
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
Server-Side Request Forgery in charm
Critical
CVE-2022-29180
was published
for
github.com/charmbracelet/charm
(Go)
May 24, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Critical
CVE-2022-36376
was published
for
rankmath/seo-by-rank-math
(Composer)
Sep 10, 2022
Server-Side Request Forgery in kityminder
Critical
CVE-2022-31830
was published
for
kityminder
(npm)
Jun 10, 2022
Server-Side Request Forgery in parse-url
Critical
CVE-2022-2216
was published
for
parse-url
(npm)
Jun 28, 2022
Insufficient user input in Apache Jetspeed-2
Critical
CVE-2022-32533
was published
for
org.apache.portals.jetspeed-2:jetspeed-commons
(Maven)
Jul 7, 2022
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Apache CXF Server-Side Request Forgery vulnerability
Critical
CVE-2022-46364
was published
for
org.apache.cxf:cxf-core
(Maven)
Dec 13, 2022
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Server-Side Request Forgery in private-ip
Critical
CVE-2020-28360
was published
for
private-ip
(npm)
Apr 13, 2021
Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical
CVE-2017-20157
was published
for
arc/web
(Composer)
Dec 31, 2022
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Critical
CVE-2019-18394
was published
for
org.igniterealtime.openfire:parent
(Maven)
May 24, 2022
AWS SDK is vulnerable to server-side request forgery (SSRF)
Critical
CVE-2022-4725
was published
for
com.amazonaws:aws-android-sdk-mobile-client
(Maven)
Dec 27, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical
CVE-2022-0671
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical
CVE-2022-36663
was published
for
org.gluu:oxauth-common
(Maven)
Sep 7, 2022
OpenAPI Generator vulnerable to Server-Side Request Forgery
Critical
CVE-2023-27162
was published
for
org.openapitools:openapi-generator-project
(Maven)
Mar 31, 2023
Server side request forgery in gibbon
Critical
CVE-2022-27311
was published
for
gibbon
(RubyGems)
Apr 26, 2022
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Critical
CVE-2022-2900
was published
for
parse-url
(npm)
Sep 15, 2022
ruby-openid SSRF via claimed_id request
Critical
CVE-2019-11027
was published
for
ruby-openid
(RubyGems)
Jun 13, 2019
Server-Side Request Forgery in Feehi CMS
Critical
CVE-2021-30108
was published
for
feehi/cms
(Composer)
Jun 8, 2021
WSO2 API Manager vulnerable to SSRF
Critical
CVE-2020-13226
was published
for
org.wso2.am:am-parent
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API