Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

24 advisories

Loading
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Low
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
Northern.tech Hosted Mender before 2024.07.11 allows SSRF. Low Unreviewed
CVE-2024-47190 was published Nov 8, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and... Low Unreviewed
CVE-2024-45843 was published Sep 26, 2024
Authenticated Blind SSRF in automad/automad Low
CVE-2023-7037 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted... Low Unreviewed
CVE-2024-26476 was published Feb 29, 2024
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath levpachmanov
dotboris iFreilicht
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2024-0628 was published Feb 7, 2024
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP... Low Unreviewed
CVE-2023-26442 was published Aug 2, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use... Low Unreviewed
CVE-2023-26438 was published Aug 2, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability Low
CVE-2023-48711 was published for google-translate-api-browser (npm) Nov 27, 2023
PinkDraconian
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as... Low Unreviewed
CVE-2023-3121 was published Jun 6, 2023
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Low Unreviewed
CVE-2023-4624 was published Aug 30, 2023
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a... Low Unreviewed
CVE-2021-25939 was published Feb 10, 2022
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18... Low Unreviewed
CVE-2022-1722 was published May 17, 2022
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high... Low Unreviewed
CVE-2022-2556 was published Aug 29, 2022
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw... Low Unreviewed
CVE-2020-14328 was published May 24, 2022
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is... Low Unreviewed
CVE-2020-4787 was published May 24, 2022
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from... Low Unreviewed
CVE-2016-6001 was published May 17, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database