GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,258
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,533 advisories
Filter by severity
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical
Unreviewed
CVE-2022-0990
was published
Apr 5, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14...
Moderate
Unreviewed
CVE-2022-1188
was published
Apr 5, 2022
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact...
High
Unreviewed
CVE-2021-33581
was published
Apr 1, 2022
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE...
High
Unreviewed
CVE-2022-0425
was published
Apr 3, 2022
Server side request forgery in C1 CMS
High
CVE-2022-24789
was published
for
C1CMS.Assemblies
(NuGet)
Mar 30, 2022
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
Moderate
Unreviewed
CVE-2022-27907
was published
Mar 31, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to...
High
Unreviewed
CVE-2022-1191
was published
Apr 1, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a...
Critical
Unreviewed
CVE-2022-0249
was published
Mar 29, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14...
High
Unreviewed
CVE-2022-0136
was published
Mar 29, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
High
Unreviewed
CVE-2021-44139
was published
Mar 24, 2022
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the...
Critical
Unreviewed
CVE-2022-0591
was published
Mar 22, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict...
High
Unreviewed
CVE-2022-27245
was published
Mar 19, 2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2021-46107
was published
Mar 18, 2022
Server-Side Request Forgery in FUXA
High
CVE-2021-45851
was published
for
@frangoteam/fuxa
(npm)
Mar 17, 2022
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed...
Moderate
Unreviewed
CVE-2021-43954
was published
Mar 15, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request...
Moderate
Unreviewed
CVE-2021-39051
was published
Mar 15, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2022-3841
was published
Jan 13, 2023
Server-Side Request Forgery in html-pdf-chrome
High
GHSA-5p98-wpc9-g498
was published
for
html-pdf-chrome
(npm)
Sep 4, 2020
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low
CVE-2020-13788
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8135
was published
for
@uppy/companion
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API