Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,951
Maven
5,000+
npm
4,597
NuGet
787
pip
4,304
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

889 advisories

Loading
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43954 was published Mar 15, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-39051 was published Mar 15, 2022
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Credited to michaellrowley
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010
Credited to AndrzejBiernacki2010
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Moderate Unreviewed
CVE-2022-24333 was published Feb 26, 2022
Server Side Request Forgery (SSRF) in Kubernetes Moderate
CVE-2020-8555 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Server Side Request Forgery in Grafana Moderate
CVE-2020-13379 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Server-Side Request Forgery in Karaf Moderate
CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022
Server-Side Request Forgery in @peertube/embed-api Moderate
CVE-2022-0508 was published for @peertube/embed-api (npm) Feb 9, 2022
Gitea displaying raw OpenID error in UI Moderate
CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Server-Side Request Forgery in calibreweb Moderate
CVE-2022-0339 was published for calibreweb (pip) Feb 1, 2022
RasmusWL
Credited to RasmusWL
SSRF vulnerability in jupyter-server-proxy Moderate
CVE-2022-21697 was published for jupyter-server-proxy (pip) Jan 27, 2022
mr-r3bot
Credited to mr-r3bot
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36349 was published Jan 25, 2022
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between... Moderate Unreviewed
CVE-2021-39927 was published Jan 19, 2022
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview... Moderate Unreviewed
CVE-2021-41809 was published Jan 19, 2022
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when... Moderate Unreviewed
CVE-2022-22702 was published Jan 11, 2022
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows)... Moderate Unreviewed
CVE-2021-34425 was published Dec 15, 2021
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype
Dingjie-Daniel-Yang
Credited to dinvlad, pshelton-skype, and Dingjie-Daniel-Yang
An information disclosure via GET request server-side request forgery vulnerability was... Moderate Unreviewed
CVE-2021-37940 was published Dec 8, 2021
Server-Side Request Forgery in ssrf-agent Moderate
CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2021-29863 was published Dec 2, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36327 was published Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database