GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,360
Erlang: 33
GitHub Actions: 22
Go: 2,127
Maven: 5,000+
npm: 3,793
NuGet: 683
pip: 3,471
Pub: 12
RubyGems: 894
Rust: 894
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
921 advisories
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to...
Moderate | Unreviewed | CVE-2018-8801 was published May 14, 2022

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a...
Moderate | Unreviewed | CVE-2018-9920 was published May 14, 2022

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
Moderate | Unreviewed | CVE-2018-20528 was published May 14, 2022

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading...
High | Unreviewed | CVE-2017-9066 was published May 14, 2022

OX App Suite 7.8.4 and earlier allows SSRF.
Moderate | Unreviewed | CVE-2018-13103 was published May 14, 2022

** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the...
High | Unreviewed | CVE-2017-16870 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Critical | Unreviewed | CVE-2019-9174 was published May 14, 2022

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and...
Moderate | Unreviewed | CVE-2017-9506 was published May 14, 2022

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Critical | Unreviewed | CVE-2018-14728 was published May 14, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
Critical | Unreviewed | CVE-2019-3905 was published May 14, 2022

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and...
High | Unreviewed | CVE-2020-22983 was published May 14, 2022

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
Moderate | Unreviewed | CVE-2017-3546 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x...
Moderate | Unreviewed | CVE-2017-11149 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0...
Moderate | Unreviewed | CVE-2017-11148 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station...
Moderate | Unreviewed | CVE-2017-12071 was published May 13, 2022

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0...
Moderate | Unreviewed | CVE-2017-15886 was published May 13, 2022

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote...
Moderate | Unreviewed | CVE-2017-18036 was published May 13, 2022

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch...
Moderate | Unreviewed | CVE-2017-6036 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0398 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0399 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center...
Critical | Unreviewed | CVE-2018-0403 was published May 13, 2022

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted...
Critical | Unreviewed | CVE-2018-1789 was published May 13, 2022

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250...
High | Unreviewed | CVE-2018-7516 was published May 13, 2022

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series,...
Moderate | Unreviewed | CVE-2019-1679 was published May 13, 2022

The configuration file import for applications, spyware and vulnerability objects functionality...
Moderate | Unreviewed | CVE-2017-15943 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.