GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,193 advisories
Server-Side Request Forgery in Plone
Moderate: CVE-2021-33510 was published for Plone (pip) Jun 15, 2021

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical: CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021

Authenticated server-side request forgery in file upload via URL.
High: CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High: CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High: CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021

Server-Side Request Forgery in UReport
High: CVE-2020-21122 was published for com.bstek.ureport:ureport2-console (Maven) Sep 20, 2021

Response Splitting from unsanitized headers
High: CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021

Server-Side Request Forgery vulnerability in concrete5
High: CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021

Server-Side Request Forgery in Concrete CMS
Moderate: CVE-2021-22969 was published for concrete5/core (Composer) Nov 23, 2021

Server-Side Request Forgery in Concrete CMS
Moderate: CVE-2021-22970 was published for concrete5/core (Composer) Nov 23, 2021

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability...
Critical (Unreviewed): CVE-2021-22049 was published Nov 25, 2021

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of...
High (Unreviewed): CVE-2021-3552 was published Nov 25, 2021

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery...
Moderate (Unreviewed): CVE-2021-36327 was published Dec 1, 2021

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
High (Unreviewed): CVE-2021-43296 was published Dec 1, 2021

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow...
Moderate (Unreviewed): CVE-2021-29863 was published Dec 2, 2021

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted...
High (Unreviewed): CVE-2021-40809 was published Dec 2, 2021

Server-Side Request Forgery in ssrf-agent
Moderate: CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
Critical (Unreviewed): CVE-2021-40091 was published Dec 7, 2021

An information disclosure via GET request server-side request forgery vulnerability was...
Moderate (Unreviewed): CVE-2021-37940 was published Dec 8, 2021

Server side request forgery in SwaggerUI
Moderate: GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021

Server-Side Request Forgery in snipe/snipe-it
High: CVE-2021-4075 was published for snipe/snipe-it (Composer) Dec 10, 2021

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery ...
High (Unreviewed): CVE-2021-39057 was published Dec 14, 2021

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14...
High (Unreviewed): CVE-2021-39935 was published Dec 14, 2021

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows)...
Moderate (Unreviewed): CVE-2021-34425 was published Dec 15, 2021

ProTip! Advisories are also available from the GraphQL API