GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

1,635 advisories

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Severity: Critical (Unreviewed). CVE-2022-25260 was published Feb 26, 2022

SSRF in Kitodo.Presentation
Severity: High. CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022

Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Severity: Critical. CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022

This vulnerability could allow an attacker to force the server to create and execute a web...
Severity: Critical (Unreviewed). CVE-2022-21215 was published Feb 19, 2022

Server Side Request Forgery in Grafana
Severity: Moderate. CVE-2020-13379 was published for github.com/grafana/grafana (Go) Feb 15, 2022

Server Side Request Forgery (SSRF) in Kubernetes
Severity: Moderate. CVE-2020-8555 was published for k8s.io/kubernetes (Go) Feb 15, 2022

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Severity: Low. CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user...
Severity: Critical (Unreviewed). CVE-2022-24568 was published Feb 11, 2022

Server-Side Request Forgery in Karaf
Severity: Moderate. CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request...
Severity: High (Unreviewed). CVE-2022-24129 was published Feb 10, 2022

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a...
Severity: Low (Unreviewed). CVE-2021-25939 was published Feb 10, 2022

Server-side request forgery (SSRF) in Apache Batik
Severity: High. CVE-2019-17566 was published for org.apache.xmlgraphics:batik (Maven) Feb 9, 2022

Server-side request forgery (SSRF) in Apache XmlGraphics Commons
Severity: High. CVE-2020-11988 was published for org.apache.xmlgraphics:xmlgraphics-commons (Maven) Feb 9, 2022

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,...
Severity: Critical (Unreviewed). CVE-2021-42637 was published Feb 9, 2022

Server-Side Request Forgery in @peertube/embed-api
Severity: Moderate. CVE-2022-0508 was published for @peertube/embed-api (npm) Feb 9, 2022

Gitea displaying raw OpenID error in UI
Severity: Moderate. CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022

Server-Side Request Forgery in Apache Traffic Control
Severity: High. CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022

Server-Side Request Forgery in calibreweb
Severity: Moderate. CVE-2022-0339 was published for calibreweb (pip) Feb 1, 2022

A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station...
Severity: High (Unreviewed). CVE-2021-22821 was published Jan 29, 2022

A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow...
Severity: High (Unreviewed). CVE-2022-22993 was published Jan 29, 2022

SSRF vulnerability in jupyter-server-proxy
Severity: Moderate. CVE-2022-21697 was published for jupyter-server-proxy (pip) Jan 27, 2022

Server side request forgery in @isomorphic-git/cors-proxy
Severity: High. CVE-2021-23664 was published for @isomorphic-git/cors-proxy (npm) Jan 26, 2022

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery...
Severity: Moderate (Unreviewed). CVE-2021-36349 was published Jan 25, 2022

Cross-site Scripting in HTML2PDF
Severity: High. CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between...
Severity: Moderate (Unreviewed). CVE-2021-39927 was published Jan 19, 2022

ProTip! Advisories are also available from the GraphQL API.