GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Server-Side Request Forgery in Apache Kylin
Moderate
CVE-2021-27738
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Server-Side Request Forgery in Karaf
Moderate
CVE-2020-11980
was published
for
org.apache.karaf.management:org.apache.karaf.management.server
(Maven)
Feb 10, 2022
Server-Side Request Forgery in Apache Dubbo
Moderate
CVE-2021-25640
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Server-Side Request Forgery in Jenkins
Moderate
CVE-2018-1000067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin
Moderate
CVE-2019-1003028
was published
for
org.jenkins-ci.plugins:jms-messaging
(Maven)
May 13, 2022
Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF)
Moderate
CVE-2019-1003020
was published
for
org.jenkins-ci.plugins:kanboard
(Maven)
May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin
Moderate
CVE-2019-1003027
was published
for
hudson.plugins.octopusdeploy:octopusdeploy
(Maven)
May 13, 2022
Jenkins Mattermost Notification Plugin vulnerable to SSRF
Moderate
CVE-2019-1003026
was published
for
org.jenkins-ci.plugins:mattermost
(Maven)
May 13, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000422
was published
for
org.jenkins-ci.plugins:crowd2
(Maven)
May 14, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin
Moderate
CVE-2018-1000421
was published
for
org.jenkins-ci.plugins:mesos
(Maven)
May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
Moderate
CVE-2018-1999039
was published
for
org.jenkins-ci.plugins:confluence-publisher
(Maven)
May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1999026
was published
for
de.tracetronic.jenkins.plugins:ecutest
(Maven)
May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Jenkins CAS Plugin Server-Side Request Forgery vulnerability
Moderate
CVE-2018-1000188
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 14, 2022
Jenkins GitHub Plugin server-side request forgery vulnerability exists
Moderate
CVE-2018-1000184
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
May 14, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
Moderate
CVE-2018-1000185
was published
for
org.jenkins-ci.plugins:github-branch-source
(Maven)
May 14, 2022
Server-Side Request Forgery in Jenkins Git Plugin
Moderate
CVE-2018-1000182
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 14, 2022
Apache Ambari SSRF Vulnerability
Moderate
CVE-2015-1775
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
Keycloak vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-10770
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Server-side request forgery in Apache Dubbo
Moderate
CVE-2022-24969
was published
for
com.alibaba:dubbo
(Maven)
Jun 10, 2022
Apache Batik Server-Side Request Forgery
Moderate
CVE-2022-38398
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery
Moderate
CVE-2022-38648
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Moderate
CVE-2022-23464
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
ProTip!
Advisories are also available from the
GraphQL API