Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Moderate
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF Moderate
CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) Oct 24, 2023
thomsmith remsio-syn
us3r777 mprins
Jenkins Mattermost Notification Plugin vulnerable to SSRF Moderate
CVE-2019-1003026 was published for org.jenkins-ci.plugins:mattermost (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin Moderate
CVE-2019-1003027 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin Moderate
CVE-2019-1003028 was published for org.jenkins-ci.plugins:jms-messaging (Maven) May 13, 2022
Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) Moderate
CVE-2019-1003020 was published for org.jenkins-ci.plugins:kanboard (Maven) May 13, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin Moderate
CVE-2018-1999039 was published for org.jenkins-ci.plugins:confluence-publisher (Maven) May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability Moderate
CVE-2018-1999026 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins GitHub Plugin server-side request forgery vulnerability exists Moderate
CVE-2018-1000184 was published for com.coravy.hudson.plugins.github:github (Maven) May 14, 2022
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2018-1000185 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 14, 2022
Jenkins CAS Plugin Server-Side Request Forgery vulnerability Moderate
CVE-2018-1000188 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 14, 2022
Server-Side Request Forgery in Karaf Moderate
CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022
OpenRefine Server-Side Request Forgery vulnerability Moderate
CVE-2022-41401 was published for org.openrefine:main (Maven) Aug 4, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL Moderate
CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) Sep 6, 2023
W0rty oleg-nenashev
Mahoney tomakehurst
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
Apache Ambari SSRF Vulnerability Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) May 17, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API