GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
169 advisories
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1...
Critical | Unreviewed | CVE-2020-24148 was published May 24, 2022

Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1...
Critical | Unreviewed | CVE-2020-24147 was published May 24, 2022

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ...
Critical | Unreviewed | CVE-2021-31531 was published May 24, 2022

When requests to the internal network for webhooks are enabled, a server-side request forgery...
Critical | Unreviewed | CVE-2021-22175 was published May 24, 2022

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to...
Critical | Unreviewed | CVE-2020-15377 was published May 24, 2022

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station...
Critical | Unreviewed | CVE-2021-33181 was published May 24, 2022

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of...
Critical | Unreviewed | CVE-2017-17674 was published May 24, 2022

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in...
Critical | Unreviewed | CVE-2021-29145 was published May 24, 2022

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function...
Critical | Unreviewed | CVE-2020-35313 was published May 24, 2022

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a...
Critical | Unreviewed | CVE-2021-1627 was published May 24, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021...
Critical | Unreviewed | CVE-2021-26855 was published May 24, 2022

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Critical | Unreviewed | CVE-2021-27670 was published May 24, 2022

A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via...
Critical | Unreviewed | CVE-2020-23534 was published May 24, 2022

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary...
Critical | Unreviewed | CVE-2021-27329 was published May 24, 2022

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to...
Critical | Unreviewed | CVE-2021-27103 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in...
Critical | Unreviewed | CVE-2020-35205 was published May 24, 2022

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Critical | Unreviewed | CVE-2020-35712 was published May 24, 2022

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender...
Critical | Unreviewed | CVE-2020-15297 was published May 24, 2022

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or...
Critical | Unreviewed | CVE-2020-24881 was published May 24, 2022

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely...
Critical | Unreviewed | CVE-2020-25466 was published May 24, 2022

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
Critical | Unreviewed | CVE-2020-26948 was published May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can...
Critical | Unreviewed | CVE-2019-16948 was published May 24, 2022

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
Critical | Unreviewed | CVE-2019-18355 was published May 24, 2022

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL...
Critical | Unreviewed | CVE-2019-17669 was published May 24, 2022

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Critical | Unreviewed | CVE-2019-13335 was published May 24, 2022