GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
232 advisories
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
Critical, Unreviewed. CVE-2021-40091 was published on Dec 7, 2021.

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted...
Critical, Unreviewed. CVE-2018-1789 was published on May 13, 2022.

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center...
Critical, Unreviewed. CVE-2018-0403 was published on May 13, 2022.

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical, Unreviewed. CVE-2018-0398 was published on May 13, 2022.

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical, Unreviewed. CVE-2018-0399 was published on May 13, 2022.

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller...
Critical, Unreviewed. CVE-2022-42149 was published on Oct 18, 2022.

A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF)...
Critical, Unreviewed. CVE-2022-41477 was published on Oct 15, 2022.

Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical. CVE-2017-20157 was published for arc/web (Composer) on Dec 31, 2022.

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
Critical, Unreviewed. CVE-2019-3905 was published on May 14, 2022.

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Critical, Unreviewed. CVE-2018-14728 was published on May 14, 2022.

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Critical, Unreviewed. CVE-2019-9174 was published on May 14, 2022.

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on...
Critical, Unreviewed. CVE-2022-41552 was published on Nov 1, 2022.

Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Critical. CVE-2019-18394 was published for org.igniterealtime.openfire:parent (Maven) on May 24, 2022.

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Critical, Unreviewed. CVE-2018-19601 was published on May 14, 2022.

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService...
Critical, Unreviewed. CVE-2019-8982 was published on May 14, 2022.

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9,...
Critical, Unreviewed. CVE-2018-18843 was published on May 14, 2022.

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data,...
Critical, Unreviewed. CVE-2018-18753 was published on May 14, 2022.

** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML,...
Critical, Unreviewed. CVE-2018-19047 was published on May 14, 2022.

An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
Critical, Unreviewed. CVE-2018-16444 was published on May 14, 2022.

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to...
Critical, Unreviewed. CVE-2018-2445 was published on May 14, 2022.

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows...
Critical, Unreviewed. CVE-2018-12571 was published on May 14, 2022.

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read...
Critical, Unreviewed. CVE-2018-14514 was published on May 14, 2022.

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious...
Critical, Unreviewed. CVE-2018-8939 was published on May 14, 2022.

SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1...
Critical, Unreviewed. CVE-2017-14323 was published on May 14, 2022.