Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Server Side Request Forgery in svgSalamander High
CVE-2017-5617 was published for com.kitfox.svg:svg-salamander (Maven) Oct 19, 2018
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core High
CVE-2017-3164 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream High
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
Server-Side Request Forgery in Spinnaker Orca High
CVE-2020-9298 was published for com.netflix.spinnaker.orca:orca-core (Maven) May 7, 2021
Server-Side Request Forgery in Apache Solr High
CVE-2021-27905 was published for org.apache.solr:solr-parent (Maven) May 10, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server High
CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven) May 13, 2021
Authorization service vulnerable to DDos attacks in Apache CFX High
CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) May 13, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Server-Side Request Forgery in UReport High
CVE-2020-21122 was published for com.bstek.ureport:ureport2-console (Maven) Sep 20, 2021
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021
Server-side request forgery (SSRF) in Apache Batik High
CVE-2020-11987 was published for org.apache.xmlgraphics:batik-svgbrowser (Maven) Jan 6, 2022
jkmartindale
Server-side request forgery (SSRF) in Apache XmlGraphics Commons High
CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022
Server-side request forgery (SSRF) in Apache Batik High
CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
GeoServer allows SSRF via the option for setting a proxy host High
CVE-2021-40822 was published for org.geoserver:gs-main (Maven) May 3, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
4thline cling uPnP protocol issue can lead to denial of service High
CVE-2020-23622 was published for org.fourthline.cling:cling-core (Maven) Aug 16, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database