Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Server-Side Request Forgery (SSRF) in Shopware High
CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022
shyim
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Server-Side Request Forgery in dompdf/dompdf Moderate
CVE-2022-0085 was published for dompdf/dompdf (Composer) Jun 29, 2022
G-Rath
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
Server-Side Request Forgery in yoast_seo Moderate
CVE-2021-31779 was published for yoast-seo-for-typo3/yoast_seo (Composer) May 21, 2021
Authenticated server-side request forgery in file upload via URL. High
CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22969 was published for concrete5/core (Composer) Nov 23, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22970 was published for concrete5/core (Composer) Nov 23, 2021
Ariadne Component Library vulnerable to Server-Side Request Forgery Critical
CVE-2017-20157 was published for arc/web (Composer) Dec 31, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
Moodle vulnerable to Server-Side Request Forgery High
CVE-2021-36396 was published for moodle/moodle (Composer) Mar 6, 2023
Appwrite Server-Side Request Forgery vulnerability High
CVE-2023-27159 was published for appwrite/server-ce (Composer) Mar 31, 2023
phpBB Server-Side Request Forgery Vulnerability Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
Rudloff
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
Shopware vulnerable to SSRF High
CVE-2020-13970 was published for shopware/platform (Composer) May 24, 2022
phpThumb is vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2013-6919 was published for james-heinrich/phpthumb (Composer) May 17, 2022
Moodle SSRF Vulnerability Moderate
CVE-2018-1042 was published for moodle/moodle (Composer) May 14, 2022
Server-Side Request Forgery in snipe/snipe-it High
CVE-2021-4075 was published for snipe/snipe-it (Composer) Dec 10, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus
ProTip! Advisories are also available from the GraphQL API