GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
High severity vulnerability that affects DotNetNuke.Core
High
CVE-2017-0929
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Server Side Request Forgery in svgSalamander
High
CVE-2017-5617
was published
for
com.kitfox.svg:svg-salamander
(Maven)
Oct 19, 2018
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8135
was published
for
@uppy/companion
(npm)
Sep 3, 2020
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
High
CVE-2017-3164
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Server-Side Request Forgery in html-pdf-chrome
High
GHSA-5p98-wpc9-g498
was published
for
html-pdf-chrome
(npm)
Sep 4, 2020
Server-Side Request Forgery in FUXA
High
CVE-2021-45851
was published
for
@frangoteam/fuxa
(npm)
Mar 17, 2022
Server side request forgery in C1 CMS
High
CVE-2022-24789
was published
for
C1CMS.Assemblies
(NuGet)
Mar 30, 2022
Server side request forgery in LiveHelperChat
High
CVE-2022-1213
was published
for
remdex/livehelperchat
(Composer)
Apr 6, 2022
Server-Side Request Forgery (SSRF) in Shopware
High
CVE-2022-24871
was published
for
shopware/core
(Composer)
Apr 22, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
High
CVE-2022-29153
was published
for
github.com/hashicorp/consul
(Go)
Apr 20, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
4thline cling uPnP protocol issue can lead to denial of service
High
CVE-2020-23622
was published
for
org.fourthline.cling:cling-core
(Maven)
Aug 16, 2022
GeoServer allows SSRF via the option for setting a proxy host
High
CVE-2021-40822
was published
for
org.geoserver:gs-main
(Maven)
May 3, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High
CVE-2022-25850
was published
for
github.com/hoppscotch/proxyscotch
(Go)
May 3, 2022
Server-Side Request Forgery in scout-browser
High
CVE-2022-1592
was published
for
scout-browser
(pip)
May 6, 2022
Server-Side Forgery Request can be activated unmarshalling with XStream
High
CVE-2020-26258
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
High
CVE-2021-26715
was published
for
org.mitre:openid-connect-server
(Maven)
May 13, 2021
ProTip!
Advisories are also available from the
GraphQL API