GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
169 advisories
CVE-2019-16932 (Critical, Unreviewed; published May 24, 2022): A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json...
CVE-2019-6837 (Critical, Unreviewed; published May 24, 2022): A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501...
CVE-2019-13020 (Critical, Unreviewed; published May 24, 2022): The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This...
CVE-2019-15494 (Critical, Unreviewed; published May 24, 2022): openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
CVE-2016-10927 (Critical, Unreviewed; published May 24, 2022): The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
CVE-2016-10926 (Critical, Unreviewed; published May 24, 2022): The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
CVE-2019-0345 (Critical, Unreviewed; published May 24, 2022): A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for...
CVE-2019-14255 (Critical, Unreviewed; published May 24, 2022): A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote...
CVE-2019-12994 (Critical, Unreviewed; published May 24, 2022): Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for...
CVE-2019-14704 (Critical, Unreviewed; published May 24, 2022): An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400...
CVE-2019-12852 (Critical, Unreviewed; published May 24, 2022): An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in...
CVE-2019-12153 (Critical, Unreviewed; published May 24, 2022): Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF,...
CVE-2018-17198 (Critical, Unreviewed; published May 24, 2022): Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2...
CVE-2017-13667 (Critical, Unreviewed; published May 24, 2022): OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
CVE-2019-11066 (Critical, Unreviewed; published May 24, 2022): openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request...
CVE-2019-11565 (Critical, Unreviewed; published May 24, 2022): Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress...
CVE-2022-28616 (Critical, Unreviewed; published May 18, 2022): A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s...
CVE-2017-8794 (Critical, Unreviewed; published May 17, 2022): An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular...
CVE-2017-1000237 (Critical, Unreviewed; published May 17, 2022): I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the...
CVE-2017-11291 (Critical, Unreviewed; published May 17, 2022): An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request...
CVE-2022-1386 (Critical, Unreviewed; published May 17, 2022): The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a...
CVE-2022-1379 (Critical, Unreviewed; published May 15, 2022): URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can...
CVE-2018-1000138 (Critical, Unreviewed; published May 14, 2022): I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of...
CVE-2017-16614 (Critical, Unreviewed; published May 14, 2022): SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain...
CVE-2017-14611 (Critical, Unreviewed; published May 14, 2022): SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary...
ProTip! Advisories are also available from the GraphQL API.