Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-39051 was published Mar 15, 2022
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43954 was published Mar 15, 2022
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Moderate Unreviewed
CVE-2022-27907 was published Mar 31, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14... Moderate Unreviewed
CVE-2022-1188 was published Apr 5, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting... Moderate Unreviewed
CVE-2020-27375 was published Apr 8, 2022
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks... Moderate Unreviewed
CVE-2022-37313 was published Dec 26, 2022
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. Moderate Unreviewed
CVE-2007-6758 was published Apr 21, 2022
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Server-Side Request Forgery in Jenkins Git Plugin Moderate
CVE-2018-1000182 was published for org.jenkins-ci.plugins:git (Maven) May 14, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may... Moderate Unreviewed
CVE-2020-4294 was published May 24, 2022
URLTrigger Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000606 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 14, 2022
westonsteimel
Smokescreen SSRF via deny list bypass (square brackets) Moderate
CVE-2022-29188 was published for github.com/stripe/smokescreen (Go) May 24, 2022
Haxatron
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6... Moderate Unreviewed
CVE-2021-26072 was published May 24, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document... Moderate Unreviewed
CVE-2022-28217 was published Jun 14, 2022
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7... Moderate Unreviewed
CVE-2022-29612 was published Jun 15, 2022
In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in... Moderate Unreviewed
CVE-2022-23071 was published Jun 20, 2022
The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. Moderate Unreviewed
CVE-2021-36761 was published Jun 22, 2022
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via... Moderate Unreviewed
CVE-2022-34011 was published Jun 24, 2022
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request... Moderate Unreviewed
CVE-2021-20544 was published Jun 25, 2022
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated... Moderate Unreviewed
CVE-2022-26135 was published Jul 1, 2022
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to... Moderate Unreviewed
CVE-2017-10973 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database