GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,137 advisories
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request...
High (Unreviewed): CVE-2022-24129 was published on Feb 10, 2022

Server-Side Request Forgery in Karaf
Moderate: CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) on Feb 10, 2022

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user...
Critical (Unreviewed): CVE-2022-24568 was published on Feb 11, 2022

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low: CVE-2020-13788 was published for github.com/goharbor/harbor (Go) on Feb 11, 2022

Server Side Request Forgery in Grafana
Moderate: CVE-2020-13379 was published for github.com/grafana/grafana (Go) on Feb 15, 2022

Server Side Request Forgery (SSRF) in Kubernetes
Moderate: CVE-2020-8555 was published for k8s.io/kubernetes (Go) on Feb 15, 2022

This vulnerability could allow an attacker to force the server to create and execute a web...
Critical (Unreviewed): CVE-2022-21215 was published on Feb 19, 2022

Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical: CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) on Feb 19, 2022

SSRF in Kitodo.Presentation
High: CVE-2022-24980 was published for kitodo/presentation (Composer) on Feb 20, 2022

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Critical (Unreviewed): CVE-2022-25260 was published on Feb 26, 2022

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
Moderate (Unreviewed): CVE-2022-24333 was published on Feb 26, 2022

Server-Side Request Forgery (SSRF) in rudloff/alltube
Critical: CVE-2022-0768 was published for rudloff/alltube (Composer) on Mar 1, 2022

Incorrect Authorization in @uppy/companion
High: CVE-2022-0528 was published for @uppy/companion (npm) on Mar 4, 2022

Server-Side Request Forgery in calibreweb
Critical: CVE-2022-0767 was published for calibreweb (pip) on Mar 8, 2022

Server-Side Request Forgery in calibreweb
Critical: CVE-2022-0766 was published for calibreweb (pip) on Mar 8, 2022

Server-Side Request Forgery and Open Redirect in AllTube Download
High: CVE-2022-24739 was published for rudloff/alltube (Composer) on Mar 9, 2022

SSRF in repository migration
Moderate: CVE-2022-0870 was published for gogs.io/gogs (Go) on Mar 12, 2022

Spoofing attack in swagger-ui
Moderate: CVE-2018-25031 was published for swagger-ui (npm) on Mar 12, 2022

SSRF in repository migration
Moderate: GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) on Mar 14, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request...
Moderate (Unreviewed): CVE-2021-39051 was published on Mar 15, 2022

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed...
Moderate (Unreviewed): CVE-2021-43954 was published on Mar 15, 2022

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High: CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) on Mar 16, 2022

Server-Side Request Forgery in FUXA
High: CVE-2021-45851 was published for @frangoteam/fuxa (npm) on Mar 17, 2022

Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)...
High (Unreviewed): CVE-2021-46107 was published on Mar 18, 2022

Server-Side Request Forgery in Apache Dubbo
Moderate: CVE-2021-25640 was published for com.alibaba:dubbo (Maven) on Mar 18, 2022