GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
286 advisories
Filter by severity
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2022-3841
was published
Jan 13, 2023
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2021-46107
was published
Mar 18, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict...
High
Unreviewed
CVE-2022-27245
was published
Mar 19, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
High
Unreviewed
CVE-2021-44139
was published
Mar 24, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14...
High
Unreviewed
CVE-2022-0136
was published
Mar 29, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to...
High
Unreviewed
CVE-2022-1191
was published
Apr 1, 2022
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE...
High
Unreviewed
CVE-2022-0425
was published
Apr 3, 2022
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact...
High
Unreviewed
CVE-2021-33581
was published
Apr 1, 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an...
High
Unreviewed
CVE-2022-22339
was published
Apr 9, 2022
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an...
High
Unreviewed
CVE-2021-36202
was published
Apr 8, 2022
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the...
High
Unreviewed
CVE-2022-27426
was published
Apr 16, 2022
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external...
High
Unreviewed
CVE-2022-1037
was published
Apr 19, 2022
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio...
High
Unreviewed
CVE-2022-1815
was published
May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within...
High
Unreviewed
CVE-2021-40186
was published
Jun 3, 2022
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might...
High
Unreviewed
CVE-2017-9355
was published
May 17, 2022
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High
Unreviewed
CVE-2022-1977
was published
Jun 28, 2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High
Unreviewed
CVE-2022-2339
was published
Jul 8, 2022
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High
Unreviewed
CVE-2017-7566
was published
May 17, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High
Unreviewed
CVE-2022-22982
was published
Jul 14, 2022
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High
Unreviewed
CVE-2016-7999
was published
May 17, 2022
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side...
High
Unreviewed
CVE-2017-6130
was published
May 17, 2022
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High
Unreviewed
CVE-2017-7569
was published
May 17, 2022
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High
Unreviewed
CVE-2016-9417
was published
May 17, 2022
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High
Unreviewed
CVE-2017-5518
was published
May 17, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High
Unreviewed
CVE-2022-31776
was published
Aug 2, 2022
ProTip!
Advisories are also available from the
GraphQL API