GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Server-Side Request Forgery in Jenkins
Moderate
CVE-2018-1000067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Server-Side Request Forgery in Jenkins Git Plugin
Moderate
CVE-2018-1000182
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Server-side request forgery in Apache Dubbo
Moderate
CVE-2022-24969
was published
for
com.alibaba:dubbo
(Maven)
Jun 10, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Moderate
CVE-2022-23464
was published
for
com.nepxion:discovery
(Maven)
Sep 25, 2022
Keycloak vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-10770
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Server-Side Request Forgery in Apache Dubbo
Moderate
CVE-2021-25640
was published
for
com.alibaba:dubbo
(Maven)
Mar 18, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Server-Side Request Forgery in Apache Kylin
Moderate
CVE-2021-27738
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Apache Ambari SSRF Vulnerability
Moderate
CVE-2015-1775
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
Apache Shenyu Server Side Request Forgery vulnerability
Moderate
CVE-2023-25753
was published
for
org.apache.shenyu:shenyu-admin
(Maven)
Oct 19, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL
Moderate
CVE-2023-41327
was published
for
org.wiremock:wiremock-webhooks-extension
(Maven)
Sep 6, 2023
OpenRefine Server-Side Request Forgery vulnerability
Moderate
CVE-2022-41401
was published
for
org.openrefine:main
(Maven)
Aug 4, 2023
Server-Side Request Forgery in Karaf
Moderate
CVE-2020-11980
was published
for
org.apache.karaf.management:org.apache.karaf.management.server
(Maven)
Feb 10, 2022
Jenkins CAS Plugin Server-Side Request Forgery vulnerability
Moderate
CVE-2018-1000188
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 14, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
Moderate
CVE-2018-1000185
was published
for
org.jenkins-ci.plugins:github-branch-source
(Maven)
May 14, 2022
Apache Batik Server-Side Request Forgery
Moderate
CVE-2022-38398
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery
Moderate
CVE-2022-38648
was published
for
org.apache.xmlgraphics:batik
(Maven)
Sep 23, 2022
Apache Batik information disclosure vulnerability
Moderate
CVE-2022-44730
was published
for
org.apache.xmlgraphics:batik-script
(Maven)
Aug 22, 2023
Jenkins GitHub Plugin server-side request forgery vulnerability exists
Moderate
CVE-2018-1000184
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1999026
was published
for
de.tracetronic.jenkins.plugins:ecutest
(Maven)
May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000422
was published
for
org.jenkins-ci.plugins:crowd2
(Maven)
May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
Moderate
CVE-2018-1999039
was published
for
org.jenkins-ci.plugins:confluence-publisher
(Maven)
May 14, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin
Moderate
CVE-2018-1000421
was published
for
org.jenkins-ci.plugins:mesos
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API