GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,184
Composer 4,340
Erlang 31
GitHub Actions 22
Go 2,101
Maven 5,279
npm 3,764
NuGet 679
pip 3,451
Pub 12
RubyGems 892
Rust 885
Swift 37

Unreviewed advisories

All unreviewed 242,936

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

180 advisories

Filter by severity

Sort by

Least recently updated

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to... Critical Unreviewed

CVE-2021-27103 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in... Critical Unreviewed

CVE-2020-35205 was published May 24, 2022

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Critical Unreviewed

CVE-2020-35712 was published May 24, 2022

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender... Critical Unreviewed

CVE-2020-15297 was published May 24, 2022

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or... Critical Unreviewed

CVE-2020-24881 was published May 24, 2022

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely... Critical Unreviewed

CVE-2020-25466 was published May 24, 2022

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. Critical Unreviewed

CVE-2020-26948 was published May 24, 2022

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can... Critical Unreviewed

CVE-2019-16948 was published May 24, 2022

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. Critical Unreviewed

CVE-2019-18355 was published May 24, 2022

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL... Critical Unreviewed

CVE-2019-17669 was published May 24, 2022

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. Critical Unreviewed

CVE-2019-13335 was published May 24, 2022

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json... Critical Unreviewed

CVE-2019-16932 was published May 24, 2022

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501... Critical Unreviewed

CVE-2019-6837 was published May 24, 2022

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This... Critical Unreviewed

CVE-2019-13020 was published May 24, 2022

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Critical Unreviewed

CVE-2019-15494 was published May 24, 2022

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. Critical Unreviewed

CVE-2016-10927 was published May 24, 2022

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. Critical Unreviewed

CVE-2016-10926 was published May 24, 2022

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for... Critical Unreviewed

CVE-2019-0345 was published May 24, 2022

A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote... Critical Unreviewed

CVE-2019-14255 was published May 24, 2022

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for... Critical Unreviewed

CVE-2019-12994 was published May 24, 2022

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400... Critical Unreviewed

CVE-2019-14704 was published May 24, 2022

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in... Critical Unreviewed

CVE-2019-12852 was published May 24, 2022

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF,... Critical Unreviewed

CVE-2019-12153 was published May 24, 2022

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2... Critical Unreviewed

CVE-2018-17198 was published May 24, 2022

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. Critical Unreviewed

CVE-2017-13667 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

180 advisories