Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,193 advisories

Loading
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7... Moderate Unreviewed
CVE-2018-13404 was published May 13, 2022
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29848 was published May 12, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an... High Unreviewed
CVE-2022-29847 was published May 12, 2022
Server-Side Request Forgery in scout-browser High
CVE-2022-1592 was published for scout-browser (pip) May 6, 2022
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext... Moderate Unreviewed
CVE-2022-28090 was published May 5, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use the... Moderate Unreviewed
CVE-2022-29942 was published May 5, 2022
GeoServer allows SSRF via the option for setting a proxy host High
CVE-2021-40822 was published for org.geoserver:gs-main (Maven) May 3, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy... High Unreviewed
CVE-2022-1239 was published May 3, 2022
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use... High Unreviewed
CVE-2002-1484 was published Apr 30, 2022
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an... High Unreviewed
CVE-2004-2061 was published Apr 29, 2022
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote... Moderate Unreviewed
CVE-2022-28117 was published Apr 29, 2022
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF... Critical Unreviewed
CVE-2022-29556 was published Apr 29, 2022
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-27469 was published Apr 27, 2022
Server side request forgery in gibbon Critical
CVE-2022-27311 was published for gibbon (RubyGems) Apr 26, 2022
Plsr
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ... Critical Unreviewed
CVE-2022-27429 was published Apr 26, 2022
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote... Critical Unreviewed
CVE-2021-36203 was published Apr 23, 2022
Server-Side Request Forgery (SSRF) in Shopware High
CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022
shyim
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Moderate Unreviewed
CVE-2007-6758 was published Apr 21, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High
CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed
CVE-2022-1037 was published Apr 19, 2022
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to... Critical Unreviewed
CVE-2022-26499 was published Apr 16, 2022
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the... High Unreviewed
CVE-2022-27426 was published Apr 16, 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an... High Unreviewed
CVE-2022-22339 was published Apr 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database