GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
173 advisories
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability...
Critical | Unreviewed | CVE-2021-22049 was published Nov 25, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
Critical | Unreviewed | CVE-2021-40091 was published Dec 7, 2021
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to...
Critical | Unreviewed | CVE-2021-44659 was published Dec 23, 2021
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,...
Critical | Unreviewed | CVE-2021-42637 was published Feb 9, 2022
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user...
Critical | Unreviewed | CVE-2022-24568 was published Feb 11, 2022
This vulnerability could allow an attacker to force the server to create and execute a web...
Critical | Unreviewed | CVE-2022-21215 was published Feb 19, 2022
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-25260 was published Feb 26, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between...
Critical | Unreviewed | CVE-2021-45967 was published Mar 19, 2022
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the...
Critical | Unreviewed | CVE-2022-0591 was published Mar 22, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a...
Critical | Unreviewed | CVE-2022-0249 was published Mar 29, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0990 was published Apr 5, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0939 was published Apr 5, 2022
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to...
Critical | Unreviewed | CVE-2022-26499 was published Apr 16, 2022
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote...
Critical | Unreviewed | CVE-2021-36203 was published Apr 23, 2022
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ...
Critical | Unreviewed | CVE-2022-27429 was published Apr 26, 2022
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-27469 was published Apr 27, 2022
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF...
Critical | Unreviewed | CVE-2022-29556 was published Apr 29, 2022
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the...
Critical | Unreviewed | CVE-2019-3395 was published May 13, 2022
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to...
Critical | Unreviewed | CVE-2018-10511 was published May 13, 2022
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote...
Critical | Unreviewed | CVE-2017-12905 was published May 13, 2022
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to...
Critical | Unreviewed | CVE-2019-4203 was published May 13, 2022
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted...
Critical | Unreviewed | CVE-2018-1789 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center...
Critical | Unreviewed | CVE-2018-0403 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0398 was published May 13, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0399 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.