GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
295 advisories
Filter by severity
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of...
High
Unreviewed
CVE-2021-3552
was published
Nov 25, 2021
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
High
Unreviewed
CVE-2021-43296
was published
Dec 1, 2021
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted...
High
Unreviewed
CVE-2021-40809
was published
Dec 2, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery ...
High
Unreviewed
CVE-2021-39057
was published
Dec 14, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14...
High
Unreviewed
CVE-2021-39935
was published
Dec 14, 2021
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of...
High
Unreviewed
CVE-2021-3959
was published
Dec 17, 2021
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0...
High
Unreviewed
CVE-2021-22054
was published
Dec 18, 2021
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3...
High
Unreviewed
CVE-2021-22056
was published
Dec 21, 2021
peertube is vulnerable to Server-Side Request Forgery (SSRF)
High
Unreviewed
CVE-2022-0132
was published
Jan 11, 2022
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow...
High
Unreviewed
CVE-2022-22993
was published
Jan 29, 2022
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station...
High
Unreviewed
CVE-2021-22821
was published
Jan 29, 2022
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request...
High
Unreviewed
CVE-2022-24129
was published
Feb 10, 2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2021-46107
was published
Mar 18, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict...
High
Unreviewed
CVE-2022-27245
was published
Mar 19, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
High
Unreviewed
CVE-2021-44139
was published
Mar 24, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14...
High
Unreviewed
CVE-2022-0136
was published
Mar 29, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to...
High
Unreviewed
CVE-2022-1191
was published
Apr 1, 2022
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact...
High
Unreviewed
CVE-2021-33581
was published
Apr 1, 2022
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE...
High
Unreviewed
CVE-2022-0425
was published
Apr 3, 2022
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an...
High
Unreviewed
CVE-2021-36202
was published
Apr 8, 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an...
High
Unreviewed
CVE-2022-22339
was published
Apr 9, 2022
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the...
High
Unreviewed
CVE-2022-27426
was published
Apr 16, 2022
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external...
High
Unreviewed
CVE-2022-1037
was published
Apr 19, 2022
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an...
High
Unreviewed
CVE-2004-2061
was published
Apr 29, 2022
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use...
High
Unreviewed
CVE-2002-1484
was published
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API