GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
173 advisories

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the...
Critical | Unreviewed | CVE-2022-0591 was published Mar 22, 2022

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a...
Critical | Unreviewed | CVE-2022-0249 was published Mar 29, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0990 was published Apr 5, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0939 was published Apr 5, 2022

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23...
Critical | Unreviewed | CVE-2022-47635 was published Dec 21, 2022

A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote...
Critical | Unreviewed | CVE-2021-36203 was published Apr 23, 2022

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ...
Critical | Unreviewed | CVE-2022-27429 was published Apr 26, 2022

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows...
Critical | Unreviewed | CVE-2022-31386 was published Jun 10, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Critical | Unreviewed | CVE-2022-31390 was published Jun 10, 2022

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows...
Critical | Unreviewed | CVE-2021-40604 was published Jun 14, 2022

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Critical | Unreviewed | CVE-2022-31393 was published Jun 10, 2022

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function...
Critical | Unreviewed | CVE-2022-31827 was published Jun 10, 2022

flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery...
Critical | Unreviewed | CVE-2021-41403 was published Jun 16, 2022

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template...
Critical | Unreviewed | CVE-2022-32995 was published Jun 28, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular...
Critical | Unreviewed | CVE-2017-8794 was published May 17, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical | Unreviewed | CVE-2022-25801 was published Jul 15, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical | Unreviewed | CVE-2022-25800 was published Jul 15, 2022

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url...
Critical | Unreviewed | CVE-2022-41497 was published Oct 14, 2022

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the...
Critical | Unreviewed | CVE-2022-41495 was published Oct 14, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s...
Critical | Unreviewed | CVE-2022-28616 was published May 18, 2022

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter...
Critical | Unreviewed | CVE-2022-41496 was published Oct 14, 2022

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to...
Critical | Unreviewed | CVE-2022-26499 was published Apr 16, 2022

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or...
Critical | Unreviewed | CVE-2020-24881 was published May 24, 2022

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely...
Critical | Unreviewed | CVE-2020-25466 was published May 24, 2022

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender...
Critical | Unreviewed | CVE-2020-15297 was published May 24, 2022