GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
196 advisories
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1...
Critical | Unreviewed | CVE-2020-24148 was published May 24, 2022
Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1...
Critical | Unreviewed | CVE-2020-24147 was published May 24, 2022
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ...
Critical | Unreviewed | CVE-2021-31531 was published May 24, 2022
When requests to the internal network for webhooks are enabled, a server-side request forgery...
Critical | Unreviewed | CVE-2021-22175 was published May 24, 2022
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to...
Critical | Unreviewed | CVE-2020-15377 was published May 24, 2022
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station...
Critical | Unreviewed | CVE-2021-33181 was published May 24, 2022
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input...
Critical | Unreviewed | CVE-2021-21985 was published May 24, 2022
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of...
Critical | Unreviewed | CVE-2017-17674 was published May 24, 2022
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in...
Critical | Unreviewed | CVE-2021-29145 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function...
Critical | Unreviewed | CVE-2020-35313 was published May 24, 2022
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x...
Critical | Unreviewed | CVE-2021-22986 was published May 24, 2022
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a...
Critical | Unreviewed | CVE-2021-1627 was published May 24, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021...
Critical | Unreviewed | CVE-2021-26855 was published May 24, 2022
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Critical | Unreviewed | CVE-2021-27670 was published May 24, 2022
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via...
Critical | Unreviewed | CVE-2020-23534 was published May 24, 2022
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary...
Critical | Unreviewed | CVE-2021-27329 was published May 24, 2022
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to...
Critical | Unreviewed | CVE-2021-27103 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in...
Critical | Unreviewed | CVE-2020-35205 was published May 24, 2022
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Critical | Unreviewed | CVE-2020-35712 was published May 24, 2022
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender...
Critical | Unreviewed | CVE-2020-15297 was published May 24, 2022
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or...
Critical | Unreviewed | CVE-2020-24881 was published May 24, 2022
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely...
Critical | Unreviewed | CVE-2020-25466 was published May 24, 2022
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
Critical | Unreviewed | CVE-2020-26948 was published May 24, 2022
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can...
Critical | Unreviewed | CVE-2019-16948 was published May 24, 2022
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
Critical | Unreviewed | CVE-2019-18355 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.