Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

167 advisories

Loading
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the... Critical Unreviewed
CVE-2022-0591 was published Mar 22, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a... Critical Unreviewed
CVE-2022-0249 was published Mar 29, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0990 was published Apr 5, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0939 was published Apr 5, 2022
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23... Critical Unreviewed
CVE-2022-47635 was published Dec 21, 2022
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote... Critical Unreviewed
CVE-2021-36203 was published Apr 23, 2022
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ... Critical Unreviewed
CVE-2022-27429 was published Apr 26, 2022
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows... Critical Unreviewed
CVE-2022-31386 was published Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31390 was published Jun 10, 2022
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows... Critical Unreviewed
CVE-2021-40604 was published Jun 14, 2022
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function... Critical Unreviewed
CVE-2022-31827 was published Jun 10, 2022
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Critical Unreviewed
CVE-2022-31393 was published Jun 10, 2022
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery... Critical Unreviewed
CVE-2021-41403 was published Jun 16, 2022
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template... Critical Unreviewed
CVE-2022-32995 was published Jun 28, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular... Critical Unreviewed
CVE-2017-8794 was published May 17, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25801 was published Jul 15, 2022
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via... Critical Unreviewed
CVE-2022-25800 was published Jul 15, 2022
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url... Critical Unreviewed
CVE-2022-41497 was published Oct 14, 2022
ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the... Critical Unreviewed
CVE-2022-41495 was published Oct 14, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s... Critical Unreviewed
CVE-2022-28616 was published May 18, 2022
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter... Critical Unreviewed
CVE-2022-41496 was published Oct 14, 2022
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to... Critical Unreviewed
CVE-2022-26499 was published Apr 16, 2022
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or... Critical Unreviewed
CVE-2020-24881 was published May 24, 2022
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely... Critical Unreviewed
CVE-2020-25466 was published May 24, 2022
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender... Critical Unreviewed
CVE-2020-15297 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API