Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Server-Side Request Forgery in Karaf Moderate
CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin Moderate
CVE-2019-1003028 was published for org.jenkins-ci.plugins:jms-messaging (Maven) May 13, 2022
Jenkins Mattermost Notification Plugin vulnerable to SSRF Moderate
CVE-2019-1003026 was published for org.jenkins-ci.plugins:mattermost (Maven) May 13, 2022
Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) Moderate
CVE-2019-1003020 was published for org.jenkins-ci.plugins:kanboard (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin Moderate
CVE-2019-1003027 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) May 13, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin Moderate
CVE-2018-1999039 was published for org.jenkins-ci.plugins:confluence-publisher (Maven) May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability Moderate
CVE-2018-1999026 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000606 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 14, 2022
westonsteimel
Jenkins CAS Plugin Server-Side Request Forgery vulnerability Moderate
CVE-2018-1000188 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 14, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2018-1000185 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 14, 2022
Jenkins GitHub Plugin server-side request forgery vulnerability exists Moderate
CVE-2018-1000184 was published for com.coravy.hudson.plugins.github:github (Maven) May 14, 2022
Server-Side Request Forgery in Jenkins Git Plugin Moderate
CVE-2018-1000182 was published for org.jenkins-ci.plugins:git (Maven) May 14, 2022
Apache Ambari SSRF Vulnerability Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Keycloak vulnerable to Server-Side Request Forgery Moderate
CVE-2020-10770 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery Moderate
CVE-2022-23464 was published for com.nepxion:discovery (Maven) Sep 25, 2022
ProTip! Advisories are also available from the GraphQL API