Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

271 advisories

Loading
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)... High Unreviewed
CVE-2022-3841 was published Jan 13, 2023
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF)... High Unreviewed
CVE-2021-46107 was published Mar 18, 2022
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict... High Unreviewed
CVE-2022-27245 was published Mar 19, 2022
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). High Unreviewed
CVE-2021-44139 was published Mar 24, 2022
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14... High Unreviewed
CVE-2022-0136 was published Mar 29, 2022
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to... High Unreviewed
CVE-2022-1191 was published Apr 1, 2022
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact... High Unreviewed
CVE-2021-33581 was published Apr 1, 2022
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE... High Unreviewed
CVE-2022-0425 was published Apr 3, 2022
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an... High Unreviewed
CVE-2022-22339 was published Apr 9, 2022
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an... High Unreviewed
CVE-2021-36202 was published Apr 8, 2022
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the... High Unreviewed
CVE-2022-27426 was published Apr 16, 2022
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external... High Unreviewed
CVE-2022-1037 was published Apr 19, 2022
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio... High Unreviewed
CVE-2022-1815 was published May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within... High Unreviewed
CVE-2021-40186 was published Jun 3, 2022
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might... High Unreviewed
CVE-2017-9355 was published May 17, 2022
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not... High Unreviewed
CVE-2022-1977 was published Jun 28, 2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the... High Unreviewed
CVE-2022-2339 was published Jul 8, 2022
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. High Unreviewed
CVE-2017-7566 was published May 17, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor... High Unreviewed
CVE-2022-22982 was published Jul 14, 2022
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server... High Unreviewed
CVE-2016-7999 was published May 17, 2022
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side... High Unreviewed
CVE-2017-6130 was published May 17, 2022
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF... High Unreviewed
CVE-2017-7569 was published May 17, 2022
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System... High Unreviewed
CVE-2016-9417 was published May 17, 2022
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF... High Unreviewed
CVE-2017-5518 was published May 17, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4... High Unreviewed
CVE-2022-31776 was published Aug 2, 2022
ProTip! Advisories are also available from the GraphQL API