Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
Server-Side Request Forgery in charm Critical
CVE-2022-29180 was published for github.com/charmbracelet/charm (Go) May 24, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High
CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022
Smokescreen SSRF via deny list bypass (square brackets) Moderate
CVE-2022-29188 was published for github.com/stripe/smokescreen (Go) May 24, 2022
Haxatron
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
Server-Side Request Forgery in gogs webhook High
CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022
am0o0
Server-Side Request Forgery in Apache Traffic Control High
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
Gitea displaying raw OpenID error in UI Moderate
CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Gophish vulnerable to Server-Side Request Forgery Moderate
CVE-2020-24710 was published for github.com/gophish/gophish (Go) May 24, 2022
request-baskets vulnerable to Server-Side Request Forgery Moderate
CVE-2023-27163 was published for github.com/darklynx/request-baskets (Go) Mar 31, 2023
KubeVela VelaUX APIserver has SSRF vulnerability Moderate
CVE-2022-39383 was published for github.com/oam-dev/kubevela (Go) Nov 18, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Server Side Request Forgery (SSRF) in Kubernetes Moderate
CVE-2020-8555 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Server Side Request Forgery in Grafana Moderate
CVE-2020-13379 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Gogs and Gitea SSRF Vulnerability High
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Access control issues in blackbox_exporter High
CVE-2023-26735 was published for github.com/prometheus/blackbox_exporter (Go) Apr 26, 2023
imgproxy is vulnerable to Server-Side Request Forgery Moderate
CVE-2023-30019 was published for github.com/imgproxy/imgproxy/v3 (Go) May 8, 2023
Paranoidhttp Server-Side Request Forgery vulnerability High
CVE-2023-24623 was published for github.com/hakobe/paranoidhttp (Go) Jan 30, 2023
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API