GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Low
CVE-2024-29736
was published
for
org.apache.cxf:cxf-rt-rs-service-description
(Maven)
Jul 19, 2024
Apache StreamPipes has possibility of SSRF in pipeline element installation process
Moderate
CVE-2024-31979
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page
Moderate
CVE-2024-27347
was published
for
org.apache.hugegraph:hugegraph-hubble
(Maven)
Apr 22, 2024
WildFly Elytron: SSRF security issue
High
CVE-2024-1233
was published
for
org.wildfly.security:wildfly-elytron-realm-token
(Maven)
Apr 9, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Critical
CVE-2024-28752
was published
for
org.apache.cxf:cxf-core
(Maven)
Mar 15, 2024
XXL-JOB vulnerable to Server-Side Request Forgery
High
CVE-2024-24113
was published
for
com.xuxueli:xxl-job
(Maven)
Feb 8, 2024
Apache Axis Improper Input Validation vulnerability
High
CVE-2023-51441
was published
for
axis:axis
(Maven)
Jan 6, 2024
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Critical
CVE-2023-48910
was published
for
io.github.microcks:microcks
(Maven)
Dec 4, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
WPS Server Side Request Forgery vulnerability
High
CVE-2023-43795
was published
for
org.geoserver.extension:gs-wps-core
(Maven)
Oct 24, 2023
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
Moderate
CVE-2023-41339
was published
for
org.geoserver.web:gs-web-app
(Maven)
Oct 24, 2023
Apache Shenyu Server Side Request Forgery vulnerability
Moderate
CVE-2023-25753
was published
for
org.apache.shenyu:shenyu-admin
(Maven)
Oct 19, 2023
Presto JDBC Server-Side Request Forgery by nextUri
High
GHSA-86q5-qcjc-7pv4
was published
for
com.facebook.presto:presto-jdbc
(Maven)
Oct 3, 2023
Presto JDBC Server-Side Request Forgery by redirect
High
GHSA-xm7x-f3w2-4hjm
was published
for
com.facebook.presto:presto-jdbc
(Maven)
Oct 3, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL
Moderate
CVE-2023-41327
was published
for
org.wiremock:wiremock-webhooks-extension
(Maven)
Sep 6, 2023
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials
High
CVE-2023-41937
was published
for
io.jenkins.plugins:bitbucket-push-and-pull-request
(Maven)
Sep 6, 2023
Apache Batik information disclosure vulnerability
Moderate
CVE-2022-44730
was published
for
org.apache.xmlgraphics:batik-script
(Maven)
Aug 22, 2023
Apache XML Graphics Batik Server-Side Request Forgery vulnerability
High
CVE-2022-44729
was published
for
org.apache.xmlgraphics:batik-bridge
(Maven)
Aug 22, 2023
OpenRefine Server-Side Request Forgery vulnerability
Moderate
CVE-2022-41401
was published
for
org.openrefine:main
(Maven)
Aug 4, 2023
ProTip!
Advisories are also available from the
GraphQL API