GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
423 advisories
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High. CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
High. CVE-2022-29153 was published for github.com/hashicorp/consul (Go), Apr 20, 2022

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High. CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio...
High, Unreviewed. CVE-2022-1815 was published May 26, 2022

Server-Side Request Forgery in Jodd HTTP
High. CVE-2022-29631 was published for org.jodd:jodd-http (Maven), Jun 7, 2022

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within...
High, Unreviewed. CVE-2021-40186 was published Jun 3, 2022

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might...
High, Unreviewed. CVE-2017-9355 was published May 17, 2022

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High, Unreviewed. CVE-2022-1977 was published Jun 28, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High, Unreviewed. CVE-2022-2339 was published Jul 8, 2022

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High, Unreviewed. CVE-2017-7566 was published May 17, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High, Unreviewed. CVE-2022-22982 was published Jul 14, 2022

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High, Unreviewed. CVE-2016-7999 was published May 17, 2022

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side...
High, Unreviewed. CVE-2017-6130 was published May 17, 2022

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High, Unreviewed. CVE-2017-7569 was published May 17, 2022

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High, Unreviewed. CVE-2016-9417 was published May 17, 2022

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High, Unreviewed. CVE-2017-5518 was published May 17, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High, Unreviewed. CVE-2022-31776 was published Aug 2, 2022

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated...
High, Unreviewed. CVE-2016-4374 was published May 17, 2022

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High, Unreviewed. CVE-2022-2352 was published Sep 27, 2022

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP...
High, Unreviewed. CVE-2016-9752 was published May 17, 2022

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a...
High, Unreviewed. CVE-2016-7964 was published May 17, 2022

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access...
High, Unreviewed. CVE-2022-41412 was published Nov 30, 2022

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be...
High, Unreviewed. CVE-2022-28997 was published May 24, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
High, Unreviewed. CVE-2022-1711 was published May 18, 2022

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
High, Unreviewed. CVE-2022-1784 was published May 21, 2022

ProTip! Advisories are also available from the GraphQL API