Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,137 advisories

Loading
Server-Side Request Forgery in Karaf Moderate
CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Server Side Request Forgery in Grafana Moderate
CVE-2020-13379 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Server Side Request Forgery (SSRF) in Kubernetes Moderate
CVE-2020-8555 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX Critical
CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Moderate Unreviewed
CVE-2022-24333 was published Feb 26, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube Critical
CVE-2022-0768 was published for rudloff/alltube (Composer) Mar 1, 2022
416e6e61
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0766 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for swagger-ui (npm) Mar 12, 2022
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API