GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
280 advisories
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-42183 was published Jul 31, 2023

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery...
Critical | Unreviewed | CVE-2023-1895 was published Jul 6, 2023

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code...
Critical | Unreviewed | CVE-2023-35175 was published Jun 30, 2023

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
Critical | Unreviewed | CVE-2022-48477 was published Apr 24, 2023

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before...
Critical | Unreviewed | CVE-2018-17452 was published Apr 16, 2023

OpenAPI Generator vulnerable to Server-Side Request Forgery
Critical | CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the...
Critical | Unreviewed | CVE-2023-1634 was published Mar 25, 2023

Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
Critical | Unreviewed | CVE-2022-46973 was published Mar 4, 2023

Unauthenticated server side request forgery in HPE Serviceguard Manager
Critical | Unreviewed | CVE-2022-37938 was published Mar 1, 2023

Undertow client not checking server identity presented by server certificate in https connections
Critical | CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side...
Critical | Unreviewed | CVE-2022-46998 was published Jan 26, 2023

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
Critical | Unreviewed | CVE-2023-23560 was published Jan 23, 2023

Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical | CVE-2017-20157 was published for arc/web (Composer) Dec 31, 2022

AWS SDK is vulnerable to server-side request forgery (SSRF)
Critical | CVE-2022-4725 was published for com.amazonaws:aws-android-sdk-mobile-client (Maven) Dec 27, 2022

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23...
Critical | Unreviewed | CVE-2022-47635 was published Dec 21, 2022

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request...
Critical | Unreviewed | CVE-2022-38708 was published Dec 19, 2022

Apache CXF Server-Side Request Forgery vulnerability
Critical | CVE-2022-46364 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when...
Critical | Unreviewed | CVE-2022-35508 was published Dec 4, 2022

Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
Critical | CVE-2022-45152 was published for moodle/moodle (Composer) Nov 25, 2022

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery ...
Critical | Unreviewed | CVE-2022-40842 was published Nov 22, 2022

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend...
Critical | Unreviewed | CVE-2022-40296 was published Nov 1, 2022

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on...
Critical | Unreviewed | CVE-2022-41552 was published Nov 1, 2022

Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical | CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller...
Critical | Unreviewed | CVE-2022-42149 was published Oct 18, 2022

A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF)...
Critical | Unreviewed | CVE-2022-41477 was published Oct 15, 2022