Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

511 advisories

Loading
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8... Moderate Unreviewed
CVE-2020-24444 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28978 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28976 was published May 24, 2022
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an... Moderate Unreviewed
CVE-2020-28977 was published May 24, 2022
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019... Moderate Unreviewed
CVE-2020-24815 was published May 24, 2022
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27626 was published May 24, 2022
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Moderate Unreviewed
CVE-2020-27624 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server... Moderate Unreviewed
CVE-2020-27018 was published May 24, 2022
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an... Moderate Unreviewed
CVE-2020-26811 was published May 24, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave... Moderate Unreviewed
CVE-2020-7126 was published May 24, 2022
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Moderate Unreviewed
CVE-2020-15002 was published May 24, 2022
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430,... Moderate Unreviewed
CVE-2020-6308 was published May 24, 2022
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF... Moderate Unreviewed
CVE-2020-25820 was published May 24, 2022
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail... Moderate Unreviewed
CVE-2020-15594 was published May 24, 2022
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of... Moderate Unreviewed
CVE-2020-17386 was published May 24, 2022
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE:... Moderate Unreviewed
CVE-2020-16248 was published May 24, 2022
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754,... Moderate Unreviewed
CVE-2020-6275 was published May 24, 2022
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may... Moderate Unreviewed
CVE-2020-4294 was published May 24, 2022
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service... Moderate Unreviewed
CVE-2020-11453 was published May 24, 2022
OX App Suite through 7.10.2 allows SSRF. Moderate Unreviewed
CVE-2019-18846 was published May 24, 2022
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the... Moderate Unreviewed
CVE-2019-20474 was published May 24, 2022
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local... Moderate Unreviewed
CVE-2020-8118 was published May 24, 2022
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery,... Moderate Unreviewed
CVE-2020-3938 was published May 24, 2022
LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in... Moderate Unreviewed
CVE-2019-20055 was published May 24, 2022
OX App Suite 7.10.1 and 7.10.2 allows SSRF. Moderate Unreviewed
CVE-2019-14225 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database