GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
423 advisories
Gogs and Gitea SSRF Vulnerability
High: CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote...
High, Unreviewed: CVE-2015-7570 was published May 14, 2022

An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote...
High, Unreviewed: CVE-2018-14858 was published May 14, 2022

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability....
High, Unreviewed: CVE-2018-5004 was published May 14, 2022

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery...
High, Unreviewed: CVE-2018-5006 was published May 14, 2022

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery...
High, Unreviewed: CVE-2018-12809 was published May 14, 2022

Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook...
High, Unreviewed: CVE-2018-1000553 was published May 14, 2022

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39,...
High, Unreviewed: CVE-2018-5752 was published May 14, 2022

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6...
High, Unreviewed: CVE-2016-6621 was published May 14, 2022

** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the...
High, Unreviewed: CVE-2018-10220 was published May 14, 2022

The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0...
High, Unreviewed: CVE-2017-18096 was published May 14, 2022

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before...
High, Unreviewed: CVE-2017-6201 was published May 14, 2022

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
High, Unreviewed: CVE-2018-7055 was published May 14, 2022

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by...
High, Unreviewed: CVE-2018-6186 was published May 14, 2022

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen...
High, Unreviewed: CVE-2017-7272 was published May 14, 2022

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote...
High, Unreviewed: CVE-2018-6029 was published May 14, 2022

phpBB Server-Side Request Forgery (SSRF)
High: CVE-2017-1000419 was published for phpbb/phpbb (Composer) May 14, 2022

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP...
High, Unreviewed: CVE-2022-30049 was published May 16, 2022

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request...
High, Unreviewed: CVE-2022-1713 was published May 17, 2022

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for...
High, Unreviewed: CVE-2017-14585 was published May 17, 2022

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are...
High, Unreviewed: CVE-2017-1000139 was published May 17, 2022

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET...
High, Unreviewed: CVE-2017-15644 was published May 17, 2022

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining...
High, Unreviewed: CVE-2016-4029 was published May 17, 2022

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2...
High, Unreviewed: CVE-2016-6483 was published May 17, 2022

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might...
High, Unreviewed: CVE-2017-9355 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.