GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
Recurly gem Server-Side Request Forgery in Resource#find method
Critical
CVE-2017-0905
was published
for
recurly
(RubyGems)
Dec 6, 2017
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
Critical severity vulnerability that affects recurly-api-client
Critical
CVE-2017-0907
was published
for
recurly-api-client
(NuGet)
Oct 16, 2018
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
Critical
CVE-2019-10686
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Apr 18, 2019
ruby-openid SSRF via claimed_id request
Critical
CVE-2019-11027
was published
for
ruby-openid
(RubyGems)
Jun 13, 2019
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Server-Side Request Forgery in private-ip
Critical
CVE-2020-28360
was published
for
private-ip
(npm)
Apr 13, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
Server-Side Request Forgery in Feehi CMS
Critical
CVE-2021-30108
was published
for
feehi/cms
(Composer)
Jun 8, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical
CVE-2022-0671
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube
Critical
CVE-2022-0768
was published
for
rudloff/alltube
(Composer)
Mar 1, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0767
was published
for
calibreweb
(pip)
Mar 8, 2022
Server-Side Request Forgery in calibreweb
Critical
CVE-2022-0766
was published
for
calibreweb
(pip)
Mar 8, 2022
Server side request forgery in gibbon
Critical
CVE-2022-27311
was published
for
gibbon
(RubyGems)
Apr 26, 2022
Moodle Blind SSRF Risk in /badges/mybackpack.php
Critical
CVE-2019-3809
was published
for
moodle/moodle
(Composer)
May 13, 2022
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Critical
CVE-2019-18394
was published
for
org.igniterealtime.openfire:parent
(Maven)
May 24, 2022
WSO2 API Manager vulnerable to SSRF
Critical
CVE-2020-13226
was published
for
org.wso2.am:am-parent
(Maven)
May 24, 2022
Server-Side Request Forgery in charm
Critical
CVE-2022-29180
was published
for
github.com/charmbracelet/charm
(Go)
May 24, 2022
Server-Side Request Forgery in kityminder
Critical
CVE-2022-31830
was published
for
kityminder
(npm)
Jun 10, 2022
Server-Side Request Forgery in parse-url
Critical
CVE-2022-2216
was published
for
parse-url
(npm)
Jun 28, 2022
ProTip!
Advisories are also available from the
GraphQL API