Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

346 advisories

Loading
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36327 was published Dec 1, 2021
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2021-29863 was published Dec 2, 2021
An information disclosure via GET request server-side request forgery vulnerability was... Moderate Unreviewed
CVE-2021-37940 was published Dec 8, 2021
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows)... Moderate Unreviewed
CVE-2021-34425 was published Dec 15, 2021
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when... Moderate Unreviewed
CVE-2022-22702 was published Jan 11, 2022
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview... Moderate Unreviewed
CVE-2021-41809 was published Jan 19, 2022
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between... Moderate Unreviewed
CVE-2021-39927 was published Jan 19, 2022
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36349 was published Jan 25, 2022
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Moderate Unreviewed
CVE-2022-24333 was published Feb 26, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-39051 was published Mar 15, 2022
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43954 was published Mar 15, 2022
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Moderate Unreviewed
CVE-2022-27907 was published Mar 31, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14... Moderate Unreviewed
CVE-2022-1188 was published Apr 5, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting... Moderate Unreviewed
CVE-2020-27375 was published Apr 8, 2022
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Moderate Unreviewed
CVE-2007-6758 was published Apr 21, 2022
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote... Moderate Unreviewed
CVE-2022-28117 was published Apr 29, 2022
Talend Administration Center has a vulnerability that allows an authenticated user to use the... Moderate Unreviewed
CVE-2022-29942 was published May 5, 2022
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext... Moderate Unreviewed
CVE-2022-28090 was published May 5, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29848 was published May 12, 2022
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7... Moderate Unreviewed
CVE-2018-13404 was published May 13, 2022
The configuration file import for applications, spyware and vulnerability objects functionality... Moderate Unreviewed
CVE-2017-15943 was published May 13, 2022
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series,... Moderate Unreviewed
CVE-2019-1679 was published May 13, 2022
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch... Moderate Unreviewed
CVE-2017-6036 was published May 13, 2022
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote... Moderate Unreviewed
CVE-2017-18036 was published May 13, 2022
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0... Moderate Unreviewed
CVE-2017-15886 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API