GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
            1,636 advisories
Server-Side Request Forgery in Concrete CMS (Moderate)
  CVE-2021-22970 was published for concrete5/core (Composer), Nov 23, 2021

Server-Side Request Forgery in Concrete CMS (Moderate)
  CVE-2021-22969 was published for concrete5/core (Composer), Nov 23, 2021

Server-Side Request Forgery vulnerability in concrete5 (High)
  CVE-2021-22958 was published for concrete5/concrete5 (Composer), Oct 12, 2021

Response Splitting from unsanitized headers (High)
  CVE-2021-41084 was published for org.http4s:http4s-client (Maven), Sep 22, 2021

Server-Side Request Forgery in UReport (High)
  CVE-2020-21122 was published for com.bstek.ureport:ureport2-console (Maven), Sep 20, 2021

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (High)
  CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (High)
  CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

Authenticated server-side request forgery in file upload via URL (High)
  CVE-2021-37711 was published for shopware/core (Composer), Aug 23, 2021

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE (Critical)
  CVE-2021-32682 was published for studio-42/elfinder (Composer), Jun 16, 2021

Server-Side Request Forgery in Plone (Moderate)
  CVE-2021-33510 was published for Plone (pip), Jun 15, 2021

Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks (High)
  CVE-2021-33571 was published for Django (pip), Jun 10, 2021

Server-Side Request Forgery in Feehi CMS (Critical)
  CVE-2021-30108 was published for feehi/cms (Composer), Jun 8, 2021

Server-Side Request Forgery in yoast_seo (Moderate)
  CVE-2021-31779 was published for yoast-seo-for-typo3/yoast_seo (Composer), May 21, 2021

Authorization service vulnerable to DDos attacks in Apache CFX (High)
  CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven), May 13, 2021

Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server (High)
  CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven), May 13, 2021

Server-Side Request Forgery in node-pdf-generator (High)
  CVE-2020-7740 was published for node-pdf-generator (npm), May 10, 2021

Server-Side Request Forgery in phantomjs-seo (High)
  CVE-2020-7739 was published for phantomjs-seo (npm), May 10, 2021

Server-Side Request Forgery in Apache Solr (High)
  CVE-2021-27905 was published for org.apache.solr:solr-parent (Maven), May 10, 2021

Server-Side Request Forgery in Spinnaker Orca (High)
  CVE-2020-9298 was published for com.netflix.spinnaker.orca:orca-core (Maven), May 7, 2021

Server-side request forgery in Ghost CMS (Moderate)
  CVE-2020-8134 was published for ghost (npm), May 6, 2021

libtaxii Server-Side Request Forgery vulnerability (Critical)
  CVE-2020-27197 was published for libtaxii (pip), Apr 30, 2021

Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain (Critical)
  CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer), Apr 29, 2021

SSRF in Sydent due to missing validation of hostnames (Moderate)
  CVE-2021-29431 was published for matrix-sydent (pip), Apr 19, 2021

Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport (High)
  CVE-2020-8128 was published for jsreport (npm), Apr 13, 2021