Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

406 advisories

Loading
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28977 was published May 24, 2022
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019... Moderate Unreviewed
CVE-2020-24815 was published May 24, 2022
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27626 was published May 24, 2022
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27624 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server... Moderate Unreviewed
CVE-2020-27018 was published May 24, 2022
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an... Moderate Unreviewed
CVE-2020-26811 was published May 24, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave... Moderate Unreviewed
CVE-2020-7126 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Moderate Unreviewed
CVE-2020-15002 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430,... Moderate Unreviewed
CVE-2020-6308 was published May 24, 2022
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF... Moderate Unreviewed
CVE-2020-25820 was published May 24, 2022
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail... Moderate Unreviewed
CVE-2020-15594 was published May 24, 2022
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE:... Moderate Unreviewed
CVE-2020-16248 was published May 24, 2022
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,... Moderate Unreviewed
CVE-2020-6275 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may... Moderate Unreviewed
CVE-2020-4294 was published May 24, 2022
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service... Moderate Unreviewed
CVE-2020-11453 was published May 24, 2022
OX App Suite through 7.10.2 allows SSRF. Moderate Unreviewed
CVE-2019-18846 was published May 24, 2022
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the... Moderate Unreviewed
CVE-2019-20474 was published May 24, 2022
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local... Moderate Unreviewed
CVE-2020-8118 was published May 24, 2022
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery,... Moderate Unreviewed
CVE-2020-3938 was published May 24, 2022
LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in... Moderate Unreviewed
CVE-2019-20055 was published May 24, 2022
OX App Suite 7.10.1 and 7.10.2 allows SSRF. Moderate Unreviewed
CVE-2019-14225 was published May 24, 2022
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can... Moderate Unreviewed
CVE-2019-15021 was published May 24, 2022
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture... Moderate Unreviewed
CVE-2019-15164 was published May 24, 2022
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2019-4262 was published May 24, 2022
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote... Moderate Unreviewed
CVE-2019-8451 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database