GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Server-Side Request Forgery in unoconv
High
CVE-2019-17400
was published
for
unoconv
(pip)
Oct 24, 2019
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Server-side Request Forgery (SSRF) via img tags in reportlab
High
CVE-2020-28463
was published
for
reportlab
(pip)
Mar 29, 2021
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431
was published
for
matrix-sydent
(pip)
Apr 19, 2021
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
Server-Side Request Forgery in Plone
Moderate
CVE-2021-33510
was published
for
Plone
(pip)
Jun 15, 2021
SSRF vulnerability in jupyter-server-proxy
Moderate
CVE-2022-21697
was published
for
jupyter-server-proxy
(pip)
Jan 27, 2022
Server-Side Request Forgery in calibreweb
Moderate
CVE-2022-0339
was published
for
calibreweb
(pip)
Feb 1, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0766
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in scout-browser
High
CVE-2022-1592
was published
for
scout-browser
(pip)
May 6, 2022
OpenStack Glance Server-Side Request Forgery (SSRF)
Moderate
CVE-2017-7200
was published
for
glance
(pip)
May 17, 2022
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
High
CVE-2022-36551
was published
for
label-studio
(pip)
Oct 4, 2022
safeurl-python contains Server-Side Request Forgery
Moderate
CVE-2023-24622
was published
for
safeurl-python
(pip)
Jan 27, 2023
Withdrawn: safeurl-python contains Server-Side Request Forgery
Moderate
GHSA-rw83-v3pw-m362
was published
for
safeurl-python
(pip)
Jan 30, 2023
•
withdrawn
Server-Side Request Forgery in Plone CMS
High
CVE-2021-33926
was published
for
Plone
(pip)
Feb 17, 2023
CairoSVG improperly processes SVG files loaded from external resources
High
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Apache Superset Server-Side Request Forgery vulnerability
Moderate
CVE-2023-25504
was published
for
apache-superset
(pip)
Jul 6, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
ProTip!
Advisories are also available from the
GraphQL API