GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
118 advisories
Filter by severity
Server-Side Request Forgery and Open Redirect in AllTube Download
High
CVE-2022-24739
was published
for
rudloff/alltube
(Composer)
Mar 9, 2022
Incorrect Authorization in @uppy/companion
High
CVE-2022-0528
was published
for
@uppy/companion
(npm)
Mar 4, 2022
SSRF in Kitodo.Presentation
High
CVE-2022-24980
was published
for
kitodo/presentation
(Composer)
Feb 20, 2022
Server-side request forgery (SSRF) in Apache Batik
High
CVE-2019-17566
was published
for
org.apache.xmlgraphics:batik
(Maven)
Feb 9, 2022
Server-side request forgery (SSRF) in Apache XmlGraphics Commons
High
CVE-2020-11988
was published
for
org.apache.xmlgraphics:xmlgraphics-commons
(Maven)
Feb 9, 2022
Server-Side Request Forgery in Apache Traffic Control
High
CVE-2022-23206
was published
for
github.com/apache/trafficcontrol
(Go)
Feb 7, 2022
Server side request forgery in @isomorphic-git/cors-proxy
High
CVE-2021-23664
was published
for
@isomorphic-git/cors-proxy
(npm)
Jan 26, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-0086
was published
for
uppy
(npm)
Jan 6, 2022
Server-side request forgery (SSRF) in Apache Batik
High
CVE-2020-11987
was published
for
org.apache.xmlgraphics:batik-svgbrowser
(Maven)
Jan 6, 2022
Server-Side Request Forgery in snipe/snipe-it
High
CVE-2021-4075
was published
for
snipe/snipe-it
(Composer)
Dec 10, 2021
Server-Side Request Forgery vulnerability in concrete5
High
CVE-2021-22958
was published
for
concrete5/concrete5
(Composer)
Oct 12, 2021
Response Splitting from unsanitized headers
High
CVE-2021-41084
was published
for
org.http4s:http4s-client
(Maven)
Sep 22, 2021
Server-Side Request Forgery in UReport
High
CVE-2020-21122
was published
for
com.bstek.ureport:ureport2-console
(Maven)
Sep 20, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39150
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
High
CVE-2021-39152
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Authenticated server-side request forgery in file upload via URL.
High
CVE-2021-37711
was published
for
shopware/core
(Composer)
Aug 23, 2021
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
Authorization service vulnerable to DDos attacks in Apache CFX
High
CVE-2021-22696
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 13, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
High
CVE-2021-26715
was published
for
org.mitre:openid-connect-server
(Maven)
May 13, 2021
Server-Side Request Forgery in node-pdf-generator
High
CVE-2020-7740
was published
for
node-pdf-generator
(npm)
May 10, 2021
Server-Side Request Forgery in phantomjs-seo
High
CVE-2020-7739
was published
for
phantomjs-seo
(npm)
May 10, 2021
Server-Side Request Forgery in Apache Solr
High
CVE-2021-27905
was published
for
org.apache.solr:solr-parent
(Maven)
May 10, 2021
Server-Side Request Forgery in Spinnaker Orca
High
CVE-2020-9298
was published
for
com.netflix.spinnaker.orca:orca-core
(Maven)
May 7, 2021
ProTip!
Advisories are also available from the
GraphQL API