GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
111 advisories
Filter by severity
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
Smokescreen SSRF via deny list bypass
Moderate
CVE-2022-24825
was published
for
github.com/stripe/smokescreen
(Go)
Apr 7, 2022
Server-Side Request Forgery in Jenkins
Moderate
CVE-2018-1000067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Server-Side Request Forgery in Jenkins Git Plugin
Moderate
CVE-2018-1000182
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Smokescreen SSRF via deny list bypass (square brackets)
Moderate
CVE-2022-29188
was published
for
github.com/stripe/smokescreen
(Go)
May 24, 2022
Server-side request forgery in Apache Dubbo
Moderate
CVE-2022-24969
was published
for
com.alibaba:dubbo
(Maven)
Jun 10, 2022
Server-Side Request Forgery in Directus
Moderate
CVE-2022-23080
was published
for
directus
(npm)
Jun 23, 2022
Server-Side Request Forgery in link-preview-js
Moderate
CVE-2022-25876
was published
for
link-preview-js
(npm)
Jul 2, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Moderate
CVE-2022-23464
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
Keycloak vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-10770
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Server-Side Request Forgery in Apache Dubbo
Moderate
CVE-2021-25640
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
Server-Side Request Forgery in dompdf/dompdf
Moderate
CVE-2022-0085
was published
for
dompdf/dompdf
(Composer)
Jun 29, 2022
Axios vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-28168
was published
for
axios
(npm)
Jan 4, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Server-side request forgery in Ghost CMS
Moderate
CVE-2020-8134
was published
for
ghost
(npm)
May 6, 2021
Server-Side Request Forgery in yoast_seo
Moderate
CVE-2021-31779
was published
for
yoast-seo-for-typo3/yoast_seo
(Composer)
May 21, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22969
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Server-Side Request Forgery in Concrete CMS
Moderate
CVE-2021-22970
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Server-Side Request Forgery in ssrf-agent
Moderate
CVE-2021-23718
was published
for
ssrf-agent
(npm)
Dec 2, 2021
Server-Side Request Forgery in Apache Kylin
Moderate
CVE-2021-27738
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Moderate
CVE-2022-35949
was published
for
undici
(npm)
Aug 18, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API