GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
180 advisories
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService...
Critical | Unreviewed | CVE-2019-8982 was published May 14, 2022

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Critical | Unreviewed | CVE-2018-19601 was published May 14, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Critical | Unreviewed | CVE-2019-9174 was published May 14, 2022

upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Critical | Unreviewed | CVE-2018-14728 was published May 14, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
Critical | Unreviewed | CVE-2019-3905 was published May 14, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0398 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an...
Critical | Unreviewed | CVE-2018-0399 was published May 13, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center...
Critical | Unreviewed | CVE-2018-0403 was published May 13, 2022

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted...
Critical | Unreviewed | CVE-2018-1789 was published May 13, 2022

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to...
Critical | Unreviewed | CVE-2019-4203 was published May 13, 2022

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote...
Critical | Unreviewed | CVE-2017-12905 was published May 13, 2022

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to...
Critical | Unreviewed | CVE-2018-10511 was published May 13, 2022

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the...
Critical | Unreviewed | CVE-2019-3395 was published May 13, 2022

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF...
Critical | Unreviewed | CVE-2022-29556 was published Apr 29, 2022

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-27469 was published Apr 27, 2022

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via ...
Critical | Unreviewed | CVE-2022-27429 was published Apr 26, 2022

A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote...
Critical | Unreviewed | CVE-2021-36203 was published Apr 23, 2022

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to...
Critical | Unreviewed | CVE-2022-26499 was published Apr 16, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0939 was published Apr 5, 2022

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
Critical | Unreviewed | CVE-2022-0990 was published Apr 5, 2022

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a...
Critical | Unreviewed | CVE-2022-0249 was published Mar 29, 2022

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the...
Critical | Unreviewed | CVE-2022-0591 was published Mar 22, 2022

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between...
Critical | Unreviewed | CVE-2021-45967 was published Mar 19, 2022

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-25260 was published Feb 26, 2022

This vulnerability could allow an attacker to force the server to create and execute a web...
Critical | Unreviewed | CVE-2022-21215 was published Feb 19, 2022