GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,207 advisories
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High, Unreviewed. CVE-2022-2352 was published Sep 27, 2022

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,...
Moderate, Unreviewed. CVE-2020-6275 was published May 24, 2022

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated...
High, Unreviewed. CVE-2016-4374 was published May 17, 2022

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High, Unreviewed. CVE-2022-31776 was published Aug 2, 2022

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF...
High, Unreviewed. CVE-2017-5518 was published May 17, 2022

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable,...
Moderate, Unreviewed. CVE-2022-24406 was published Jul 28, 2022

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High, Unreviewed. CVE-2016-9417 was published May 17, 2022

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from...
Low, Unreviewed. CVE-2016-6001 was published May 17, 2022

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF...
High, Unreviewed. CVE-2017-7569 was published May 17, 2022

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to server...
Moderate, Unreviewed. CVE-2022-22416 was published Jul 20, 2022

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side...
High, Unreviewed. CVE-2017-6130 was published May 17, 2022

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High, Unreviewed. CVE-2016-7999 was published May 17, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical, Unreviewed. CVE-2022-25800 was published Jul 15, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High, Unreviewed. CVE-2022-22982 was published Jul 14, 2022

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High, Unreviewed. CVE-2017-7566 was published May 17, 2022

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via...
Critical, Unreviewed. CVE-2022-25801 was published Jul 15, 2022

Insufficient user input in Apache Jetspeed-2
Critical. CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to...
Moderate, Unreviewed. CVE-2017-9307 was published May 17, 2022

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This...
Moderate, Unreviewed. CVE-2017-20106 was published Jun 29, 2022

Server-Side Request Forgery in link-preview-js
Moderate. CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular...
Critical, Unreviewed. CVE-2017-8794 was published May 17, 2022

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High, Unreviewed. CVE-2022-2339 was published Jul 8, 2022

Server-Side Request Forgery in Directus
Moderate. CVE-2022-23080 was published for directus (npm) Jun 23, 2022

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request...
Moderate, Unreviewed. CVE-2021-20421 was published Jun 25, 2022

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
Moderate, Unreviewed. CVE-2022-34013 was published Jun 24, 2022