Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

169 advisories

Loading
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json... Critical Unreviewed
CVE-2019-16932 was published May 24, 2022
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501... Critical Unreviewed
CVE-2019-6837 was published May 24, 2022
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This... Critical Unreviewed
CVE-2019-13020 was published May 24, 2022
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Critical Unreviewed
CVE-2019-15494 was published May 24, 2022
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. Critical Unreviewed
CVE-2016-10927 was published May 24, 2022
The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. Critical Unreviewed
CVE-2016-10926 was published May 24, 2022
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for... Critical Unreviewed
CVE-2019-0345 was published May 24, 2022
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote... Critical Unreviewed
CVE-2019-14255 was published May 24, 2022
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for... Critical Unreviewed
CVE-2019-12994 was published May 24, 2022
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400... Critical Unreviewed
CVE-2019-14704 was published May 24, 2022
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in... Critical Unreviewed
CVE-2019-12852 was published May 24, 2022
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF,... Critical Unreviewed
CVE-2019-12153 was published May 24, 2022
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2... Critical Unreviewed
CVE-2018-17198 was published May 24, 2022
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. Critical Unreviewed
CVE-2017-13667 was published May 24, 2022
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request... Critical Unreviewed
CVE-2019-11066 was published May 24, 2022
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress... Critical Unreviewed
CVE-2019-11565 was published May 24, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s... Critical Unreviewed
CVE-2022-28616 was published May 18, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular... Critical Unreviewed
CVE-2017-8794 was published May 17, 2022
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the... Critical Unreviewed
CVE-2017-1000237 was published May 17, 2022
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request... Critical Unreviewed
CVE-2017-11291 was published May 17, 2022
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a... Critical Unreviewed
CVE-2022-1386 was published May 17, 2022
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can... Critical Unreviewed
CVE-2022-1379 was published May 15, 2022
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of... Critical Unreviewed
CVE-2018-1000138 was published May 14, 2022
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain... Critical Unreviewed
CVE-2017-16614 was published May 14, 2022
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary... Critical Unreviewed
CVE-2017-14611 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database