GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
409 advisories
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
High, Unreviewed. CVE-2022-1723 was published May 18, 2022.

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
High, Unreviewed. CVE-2022-1767 was published May 19, 2022.

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ...
High, Unreviewed. CVE-2022-37041 was published Aug 13, 2022.

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An...
High, Unreviewed. CVE-2022-45429 was published Dec 27, 2022.

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the...
High, Unreviewed. CVE-2022-43140 was published Nov 17, 2022.

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
High, Unreviewed. CVE-2020-15822 was published May 24, 2022.

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an...
High, Unreviewed. CVE-2020-28043 was published May 24, 2022.

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an...
High, Unreviewed. CVE-2020-26815 was published May 24, 2022.

An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for...
High, Unreviewed. CVE-2020-26032 was published May 24, 2022.

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through...
High, Unreviewed. CVE-2020-24641 was published May 24, 2022.

A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An...
High, Unreviewed. CVE-2020-23776 was published May 24, 2022.

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
High, Unreviewed. CVE-2020-24063 was published May 24, 2022.

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier)...
High, Unreviewed. CVE-2021-21009 was published May 24, 2022.

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM)...
High, Unreviewed. CVE-2021-1272 was published May 24, 2022.

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an...
High, Unreviewed. CVE-2020-8464 was published May 24, 2022.

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps...
High, Unreviewed. CVE-2020-10252 was published May 24, 2022.

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing...
High, Unreviewed. CVE-2021-31828 was published May 24, 2022.

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end...
High, Unreviewed. CVE-2020-24140 was published May 24, 2022.

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back...
High, Unreviewed. CVE-2020-24139 was published May 24, 2022.

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose...
High, Unreviewed. CVE-2020-35667 was published May 24, 2022.

PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which...
High, Unreviewed. CVE-2020-29166 was published May 24, 2022.

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9...
High, Unreviewed. CVE-2021-29357 was published May 24, 2022.

An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection...
High, Unreviewed. CVE-2020-35970 was published May 24, 2022.

Response Splitting from unsanitized headers
High. CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021.

When requests to the internal network for webhooks are enabled, a server-side request forgery...
High, Unreviewed. CVE-2021-22214 was published May 24, 2022.