GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,208 advisories
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
Moderate | Unreviewed | CVE-2021-3758 was published May 24, 2022
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
High | Unreviewed | CVE-2020-20341 was published May 24, 2022
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the...
Moderate | Unreviewed | CVE-2021-40537 was published May 24, 2022
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in...
High | Unreviewed | CVE-2021-22026 was published May 24, 2022
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion,...
High | Unreviewed | CVE-2020-14160 was published May 24, 2022
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in...
High | Unreviewed | CVE-2021-22027 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Moderate | Unreviewed | CVE-2021-36043 was published May 24, 2022
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is...
Moderate | Unreviewed | CVE-2021-28627 was published May 24, 2022
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any...
Moderate | Unreviewed | CVE-2022-2267 was published Aug 29, 2022
SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files...
Moderate | Unreviewed | CVE-2021-22255 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6....
Moderate | Unreviewed | CVE-2020-25353 was published May 24, 2022
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in...
Critical | Unreviewed | CVE-2021-37353 was published May 24, 2022
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser...
Moderate | Unreviewed | CVE-2021-32603 was published May 24, 2022
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have...
Critical | Unreviewed | CVE-2021-24472 was published May 24, 2022
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from...
Moderate | Unreviewed | CVE-2021-20788 was published May 24, 2022
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow...
Moderate | Unreviewed | CVE-2020-4974 was published May 24, 2022
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side...
Moderate | Unreviewed | CVE-2022-42343 was published Dec 21, 2022
Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can...
Moderate | Unreviewed | CVE-2022-32457 was published Jul 21, 2022
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG...
Moderate | Unreviewed | CVE-2021-26699 was published May 24, 2022
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 /...
High | Unreviewed | CVE-2021-22726 was published May 24, 2022
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built...
High | Unreviewed | CVE-2021-31216 was published May 24, 2022
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows...
Moderate | Unreviewed | CVE-2021-33213 was published May 24, 2022
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server...
High | Unreviewed | CVE-2020-23079 was published May 24, 2022
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and...
Critical | Unreviewed | CVE-2021-29102 was published May 24, 2022
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3...
Critical | Unreviewed | CVE-2020-24142 was published May 24, 2022