Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,541 advisories

Loading
Server-side request forgery in Ghost CMS Moderate
CVE-2020-8134 was published for ghost (npm) May 6, 2021
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
SSRF attacks via tracebacks in Plone High
CVE-2020-28735 was published for Plone (pip) Apr 7, 2021
Server-side Request Forgery (SSRF) via img tags in reportlab High
CVE-2020-28463 was published for reportlab (pip) Mar 29, 2021
SSRF in Rendertron Moderate
CVE-2020-8902 was published for rendertron (npm) Mar 1, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus Credited to SecGus
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore Credited to bpsizemore and UNC1739 UNC1739 UNC1739
Server-side request forgery in CarrierWave Moderate
CVE-2021-21288 was published for carrierwave (RubyGems) Feb 8, 2021
chadwilken Credited to chadwilken and phosphore phosphore phosphore
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst Credited to vulnerability-analyst
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ Credited to sunSUNQ
Server-Side Request Forgery in ftp-srv High
GHSA-r4m5-47cq-6qg8 was published for ftp-srv (npm) Sep 4, 2020
shermdog Credited to shermdog
Server-Side Request Forgery in html-pdf-chrome High
GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm) Sep 4, 2020
westy92 Credited to westy92
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Server-Side Request Forgery in ftp-srv Critical
CVE-2020-15152 was published for ftp-srv (npm) Aug 17, 2020
andreeleuterio Credited to andreeleuterio, trs, and quiquelhappy trs trs
quiquelhappy quiquelhappy
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh Credited to JLLeitschuh, alex, and orangetw alex alex
orangetw orangetw
ProTip! Advisories are also available from the GraphQL API