GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,138 advisories
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High | Unreviewed | CVE-2016-9417 was published May 17, 2022

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable,...
Moderate | Unreviewed | CVE-2022-24406 was published Jul 28, 2022

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High | Unreviewed | CVE-2017-5518 was published May 17, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High | Unreviewed | CVE-2022-31776 was published Aug 2, 2022

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated...
High | Unreviewed | CVE-2016-4374 was published May 17, 2022

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,...
Moderate | Unreviewed | CVE-2020-6275 was published May 24, 2022

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High | Unreviewed | CVE-2022-2352 was published Sep 27, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request...
Moderate | Unreviewed | CVE-2022-35282 was published Sep 29, 2022

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated...
Moderate | Unreviewed | CVE-2021-43959 was published Jul 27, 2022

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Moderate | CVE-2022-23464 was published for com.nepxion:discovery (Maven) Sep 25, 2022

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP...
High | Unreviewed | CVE-2016-9752 was published May 17, 2022

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a...
High | Unreviewed | CVE-2016-7964 was published May 17, 2022

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8...
Moderate | Unreviewed | CVE-2016-5968 was published May 17, 2022

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that...
Moderate | Unreviewed | CVE-2021-37498 was published Jan 20, 2023

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access...
High | Unreviewed | CVE-2022-41412 was published Nov 30, 2022

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be...
High | Unreviewed | CVE-2022-28997 was published May 24, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
High | Unreviewed | CVE-2022-1711 was published May 18, 2022

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url...
Critical | Unreviewed | CVE-2022-41497 was published Oct 14, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
High | Unreviewed | CVE-2022-1784 was published May 21, 2022

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the...
Critical | Unreviewed | CVE-2022-41495 was published Oct 14, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s...
Critical | Unreviewed | CVE-2022-28616 was published May 18, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
High | Unreviewed | CVE-2022-1723 was published May 18, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
High | Unreviewed | CVE-2022-1767 was published May 19, 2022

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter...
Critical | Unreviewed | CVE-2022-41496 was published Oct 14, 2022

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port...
Moderate | Unreviewed | CVE-2022-46830 was published Dec 8, 2022