GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

32 advisories

Apache StreamPipes has possibility of SSRF in pipeline element installation process
Moderate | CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) | Jul 17, 2024

Apache HugeGraph-Hubble: SSRF in Hubble connection page
Moderate | CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) | Apr 22, 2024

Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
Moderate | CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) | Oct 24, 2023

Jenkins Mattermost Notification Plugin vulnerable to SSRF
Moderate | CVE-2019-1003026 was published for org.jenkins-ci.plugins:mattermost (Maven) | May 13, 2022

SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin
Moderate | CVE-2019-1003027 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) | May 13, 2022

Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF)
Moderate | CVE-2019-1003020 was published for org.jenkins-ci.plugins:kanboard (Maven) | May 13, 2022

SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin
Moderate | CVE-2019-1003028 was published for org.jenkins-ci.plugins:jms-messaging (Maven) | May 13, 2022

Server-side request forgery vulnerability in Jenkins Mesos Plugin
Moderate | CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) | May 14, 2022

Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
Moderate | CVE-2018-1999039 was published for org.jenkins-ci.plugins:confluence-publisher (Maven) | May 14, 2022

Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
Moderate | CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) | May 14, 2022

Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
Moderate | CVE-2018-1999026 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) | May 14, 2022

Jenkins GitHub Plugin server-side request forgery vulnerability exists
Moderate | CVE-2018-1000184 was published for com.coravy.hudson.plugins.github:github (Maven) | May 14, 2022

Apache Batik information disclosure vulnerability
Moderate | CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) | Aug 22, 2023

Apache Batik vulnerable to Server-Side Request Forgery
Moderate | CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) | Sep 23, 2022

Apache Batik Server-Side Request Forgery
Moderate | CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) | Sep 23, 2022

Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
Moderate | CVE-2018-1000185 was published for org.jenkins-ci.plugins:github-branch-source (Maven) | May 14, 2022

Jenkins CAS Plugin Server-Side Request Forgery vulnerability
Moderate | CVE-2018-1000188 was published for org.jenkins-ci.plugins:cas-plugin (Maven) | May 14, 2022

Server-Side Request Forgery in Karaf
Moderate | CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) | Feb 10, 2022

OpenRefine Server-Side Request Forgery vulnerability
Moderate | CVE-2022-41401 was published for org.openrefine:main (Maven) | Aug 4, 2023

WireMock Controlled Server Side Request Forgery vulnerability through URL
Moderate | CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) | Sep 6, 2023

Apache Shenyu Server Side Request Forgery vulnerability
Moderate | CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) | Oct 19, 2023

Apache Ambari SSRF Vulnerability
Moderate | CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) | May 17, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate | CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

Server-Side Request Forgery in Apache Kylin
Moderate | CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) | Jan 8, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate | CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) | Mar 22, 2021

ProTip! Advisories are also available from the GraphQL API.