Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

427 advisories

Loading
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote... High Unreviewed
CVE-2015-7570 was published May 14, 2022
Gogs and Gitea SSRF Vulnerability High
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. High Unreviewed
CVE-2018-16409 was published May 14, 2022
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app... High Unreviewed
CVE-2018-15895 was published May 14, 2022
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an... High Unreviewed
CVE-2018-16794 was published May 14, 2022
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability... High Unreviewed
CVE-2018-16793 was published May 14, 2022
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server... High Unreviewed
CVE-2018-2463 was published May 14, 2022
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url... High Unreviewed
CVE-2018-18867 was published May 14, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... High Unreviewed
CVE-2018-18646 was published May 14, 2022
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main... High Unreviewed
CVE-2019-5725 was published May 14, 2022
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in... High Unreviewed
CVE-2018-20436 was published May 14, 2022
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to... High Unreviewed
CVE-2018-15517 was published May 14, 2022
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api... High Unreviewed
CVE-2018-15657 was published May 14, 2022
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,... High Unreviewed
CVE-2018-18569 was published May 14, 2022
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading... High Unreviewed
CVE-2017-9066 was published May 14, 2022
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
phpMyAdmin SSRF in replication High
CVE-2017-1000017 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the... High Unreviewed
CVE-2017-16870 was published May 14, 2022
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and... High Unreviewed
CVE-2020-22983 was published May 14, 2022
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250... High Unreviewed
CVE-2018-7516 was published May 13, 2022
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint... High Unreviewed
CVE-2017-17697 was published May 13, 2022
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in... High Unreviewed
CVE-2018-13790 was published May 13, 2022
elFinder Server Side Request Forgery (SSRF) High
CVE-2019-6257 was published for studio-42/elfinder (Composer) May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an... High Unreviewed
CVE-2022-29847 was published May 12, 2022
Server-Side Request Forgery in scout-browser High
CVE-2022-1592 was published for scout-browser (pip) May 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database