GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
423 advisories
Filter by severity
GeoServer allows SSRF via the option for setting a proxy host
High
CVE-2021-40822
was published
for
org.geoserver:gs-main
(Maven)
May 3, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High
CVE-2022-25850
was published
for
github.com/hoppscotch/proxyscotch
(Go)
May 3, 2022
Server-Side Request Forgery in scout-browser
High
CVE-2022-1592
was published
for
scout-browser
(pip)
May 6, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an...
High
Unreviewed
CVE-2022-29847
was published
May 12, 2022
elFinder Server Side Request Forgery (SSRF)
High
CVE-2019-6257
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in...
High
Unreviewed
CVE-2018-13790
was published
May 13, 2022
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint...
High
Unreviewed
CVE-2017-17697
was published
May 13, 2022
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250...
High
Unreviewed
CVE-2018-7516
was published
May 13, 2022
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and...
High
Unreviewed
CVE-2020-22983
was published
May 14, 2022
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the...
High
Unreviewed
CVE-2017-16870
was published
May 14, 2022
phpMyAdmin SSRF in replication
High
CVE-2017-1000017
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Moodle SSRF Vulnerability
High
CVE-2019-6970
was published
for
moodle/moodle
(Composer)
May 14, 2022
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading...
High
Unreviewed
CVE-2017-9066
was published
May 14, 2022
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,...
High
Unreviewed
CVE-2018-18569
was published
May 14, 2022
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api...
High
Unreviewed
CVE-2018-15657
was published
May 14, 2022
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to...
High
Unreviewed
CVE-2018-15517
was published
May 14, 2022
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in...
High
Unreviewed
CVE-2018-20436
was published
May 14, 2022
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main...
High
Unreviewed
CVE-2019-5725
was published
May 14, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before...
High
Unreviewed
CVE-2018-18646
was published
May 14, 2022
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url...
High
Unreviewed
CVE-2018-18867
was published
May 14, 2022
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server...
High
Unreviewed
CVE-2018-2463
was published
May 14, 2022
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability...
High
Unreviewed
CVE-2018-16793
was published
May 14, 2022
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an...
High
Unreviewed
CVE-2018-16794
was published
May 14, 2022
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app...
High
Unreviewed
CVE-2018-15895
was published
May 14, 2022
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
High
Unreviewed
CVE-2018-16409
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API