GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,919
Composer 4,476
Erlang 33
GitHub Actions 24
Go 2,207
Maven 5,433
npm 3,858
NuGet 696
pip 3,639
Pub 12
RubyGems 913
Rust 918
Swift 38

Unreviewed advisories

All unreviewed 249,554

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,299 advisories

Filter by severity

Sort by

Least recently updated

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Moderate Unreviewed

CVE-2007-6758 was published Apr 21, 2022

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High

CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed

CVE-2022-1037 was published Apr 19, 2022

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to... Critical Unreviewed

CVE-2022-26499 was published Apr 16, 2022

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the... High Unreviewed

CVE-2022-27426 was published Apr 16, 2022

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an... High Unreviewed

CVE-2022-22339 was published Apr 9, 2022

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting... Moderate Unreviewed

CVE-2020-27375 was published Apr 8, 2022

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an... High Unreviewed

CVE-2021-36202 was published Apr 8, 2022

Smokescreen SSRF via deny list bypass Moderate

CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022

Server side request forgery in LiveHelperChat High

CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed

CVE-2022-0939 was published Apr 5, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed

CVE-2022-0990 was published Apr 5, 2022

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14... Moderate Unreviewed

CVE-2022-1188 was published Apr 5, 2022

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE... High Unreviewed

CVE-2022-0425 was published Apr 3, 2022

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact... High Unreviewed

CVE-2021-33581 was published Apr 1, 2022

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to... High Unreviewed

CVE-2022-1191 was published Apr 1, 2022

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Moderate Unreviewed

CVE-2022-27907 was published Mar 31, 2022

Server side request forgery in C1 CMS High

CVE-2022-24789 was published for C1CMS.Assemblies (NuGet) Mar 30, 2022

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14... High Unreviewed

CVE-2022-0136 was published Mar 29, 2022

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a... Critical Unreviewed

CVE-2022-0249 was published Mar 29, 2022

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). High Unreviewed

CVE-2021-44139 was published Mar 24, 2022

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the... Critical Unreviewed

CVE-2022-0591 was published Mar 22, 2022

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between... Critical Unreviewed

CVE-2021-45967 was published Mar 19, 2022

An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict... High Unreviewed

CVE-2022-27245 was published Mar 19, 2022

Server-Side Request Forgery in Apache Dubbo Moderate

CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022

Previous 1 2 … 45 46 47 48 49 50 51 52 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,299 advisories