Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,294
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,098 advisories

Loading
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery ... High Unreviewed
CVE-2021-39057 was published Dec 14, 2021
Server-Side Request Forgery in snipe/snipe-it High
CVE-2021-4075 was published for snipe/snipe-it (Composer) Dec 10, 2021
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype
Dingjie-Daniel-Yang
An information disclosure via GET request server-side request forgery vulnerability was... Moderate Unreviewed
CVE-2021-37940 was published Dec 8, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Critical Unreviewed
CVE-2021-40091 was published Dec 7, 2021
Server-Side Request Forgery in ssrf-agent Moderate
CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted... High Unreviewed
CVE-2021-40809 was published Dec 2, 2021
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2021-29863 was published Dec 2, 2021
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. High Unreviewed
CVE-2021-43296 was published Dec 1, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36327 was published Dec 1, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability... Critical Unreviewed
CVE-2021-22049 was published Nov 25, 2021
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of... High Unreviewed
CVE-2021-3552 was published Nov 25, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22970 was published for concrete5/core (Composer) Nov 23, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22969 was published for concrete5/core (Composer) Nov 23, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021
Response Splitting from unsanitized headers High
CVE-2021-41084 was published for org.http4s:http4s-client (Maven) Sep 22, 2021
Server-Side Request Forgery in UReport High
CVE-2020-21122 was published for com.bstek.ureport:ureport2-console (Maven) Sep 20, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39150 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host High
CVE-2021-39152 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Authenticated server-side request forgery in file upload via URL. High
CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Server-Side Request Forgery in Plone High
CVE-2021-33511 was published for Plone (pip) Jun 15, 2021
Server-Side Request Forgery in Plone Moderate
CVE-2021-33510 was published for Plone (pip) Jun 15, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database