GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Axios vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-28168
was published
for
axios
(npm)
Jan 4, 2021
Server-side request forgery in CarrierWave
Moderate
CVE-2021-21288
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Moderate
CVE-2018-7667
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Server-side request forgery in Ghost CMS
Moderate
CVE-2020-8134
was published
for
ghost
(npm)
May 6, 2021
Server-Side Request Forgery in yoast_seo
Moderate
CVE-2021-31779
was published
for
yoast-seo-for-typo3/yoast_seo
(Composer)
May 21, 2021
Server-Side Request Forgery in Plone
Moderate
CVE-2021-33510
was published
for
Plone
(pip)
Jun 15, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22969
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22970
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Server-Side Request Forgery in ssrf-agent
Moderate
CVE-2021-23718
was published
for
ssrf-agent
(npm)
Dec 2, 2021
Server side request forgery in SwaggerUI
Moderate
GHSA-qrmm-w75w-3wpx
was published
for
Swashbuckle.AspNetCore.SwaggerUI
(npm)
Dec 9, 2021
Server-Side Request Forgery in Apache Kylin
Moderate
CVE-2021-27738
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
SSRF vulnerability in jupyter-server-proxy
Moderate
CVE-2022-21697
was published
for
jupyter-server-proxy
(pip)
Jan 27, 2022
Server-Side Request Forgery in calibreweb
Moderate
CVE-2022-0339
was published
for
calibreweb
(pip)
Feb 1, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Server-Side Request Forgery in @peertube/embed-api
Moderate
CVE-2022-0508
was published
for
@peertube/embed-api
(npm)
Feb 9, 2022
Server-Side Request Forgery in Karaf
Moderate
CVE-2020-11980
was published
for
org.apache.karaf.management:org.apache.karaf.management.server
(Maven)
Feb 10, 2022
Server Side Request Forgery (SSRF) in Kubernetes
Moderate
CVE-2020-8555
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
Server Side Request Forgery in Grafana
Moderate
CVE-2020-13379
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
swagger-ui
(npm)
Mar 12, 2022
ProTip!
Advisories are also available from the
GraphQL API