Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote... Critical Unreviewed
CVE-2021-36203 was published Apr 23, 2022
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to... Critical Unreviewed
CVE-2022-26499 was published Apr 16, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0939 was published Apr 5, 2022
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. Critical Unreviewed
CVE-2022-0990 was published Apr 5, 2022
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a... Critical Unreviewed
CVE-2022-0249 was published Mar 29, 2022
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the... Critical Unreviewed
CVE-2022-0591 was published Mar 22, 2022
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between... Critical Unreviewed
CVE-2021-45967 was published Mar 19, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0767 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery in calibreweb Critical
CVE-2022-0766 was published for calibreweb (pip) Mar 8, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube Critical
CVE-2022-0768 was published for rudloff/alltube (Composer) Mar 1, 2022
416e6e61
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Critical Unreviewed
CVE-2022-25260 was published Feb 26, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX Critical
CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
This vulnerability could allow an attacker to force the server to create and execute a web... Critical Unreviewed
CVE-2022-21215 was published Feb 19, 2022
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user... Critical Unreviewed
CVE-2022-24568 was published Feb 11, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,... Critical Unreviewed
CVE-2021-42637 was published Feb 9, 2022
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to... Critical Unreviewed
CVE-2021-44659 was published Dec 23, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Critical Unreviewed
CVE-2021-40091 was published Dec 7, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability... Critical Unreviewed
CVE-2021-22049 was published Nov 25, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
Server-Side Request Forgery in ftp-srv Critical
CVE-2020-15152 was published for ftp-srv (npm) Aug 17, 2020
andreeleuterio trs
quiquelhappy
Server-Side Request Forgery in Hawt Hawtio Critical
CVE-2019-9827 was published for io.hawt:hawtio-core (Maven) Jul 5, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database