GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
180 advisories
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
Severity: Critical (Unreviewed). CVE-2021-42091 was published May 24, 2022.
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
Severity: Critical (Unreviewed). CVE-2021-37419 was published May 24, 2022.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen...
Severity: Critical (Unreviewed). CVE-2021-40438 was published May 24, 2022.
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver...
Severity: Critical (Unreviewed). CVE-2021-33690 was published May 24, 2022.
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger...
Severity: Critical (Unreviewed). CVE-2021-39497 was published May 24, 2022.
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in...
Severity: Critical (Unreviewed). CVE-2021-37353 was published May 24, 2022.
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have...
Severity: Critical (Unreviewed). CVE-2021-24472 was published May 24, 2022.
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021...
Severity: Critical (Unreviewed). CVE-2021-34473 was published May 24, 2022.
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and...
Severity: Critical (Unreviewed). CVE-2021-29102 was published May 24, 2022.
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3...
Severity: Critical (Unreviewed). CVE-2020-24142 was published May 24, 2022.
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1...
Severity: Critical (Unreviewed). CVE-2020-24148 was published May 24, 2022.
Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1...
Severity: Critical (Unreviewed). CVE-2020-24147 was published May 24, 2022.
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ...
Severity: Critical (Unreviewed). CVE-2021-31531 was published May 24, 2022.
When requests to the internal network for webhooks are enabled, a server-side request forgery...
Severity: Critical (Unreviewed). CVE-2021-22175 was published May 24, 2022.
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to...
Severity: Critical (Unreviewed). CVE-2020-15377 was published May 24, 2022.
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station...
Severity: Critical (Unreviewed). CVE-2021-33181 was published May 24, 2022.
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of...
Severity: Critical (Unreviewed). CVE-2017-17674 was published May 24, 2022.
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in...
Severity: Critical (Unreviewed). CVE-2021-29145 was published May 24, 2022.
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function...
Severity: Critical (Unreviewed). CVE-2020-35313 was published May 24, 2022.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x...
Severity: Critical (Unreviewed). CVE-2021-22986 was published May 24, 2022.
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a...
Severity: Critical (Unreviewed). CVE-2021-1627 was published May 24, 2022.
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021...
Severity: Critical (Unreviewed). CVE-2021-26855 was published May 24, 2022.
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Severity: Critical (Unreviewed). CVE-2021-27670 was published May 24, 2022.
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via...
Severity: Critical (Unreviewed). CVE-2020-23534 was published May 24, 2022.
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary...
Severity: Critical (Unreviewed). CVE-2021-27329 was published May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.