GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,089 advisories
Filter by severity
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
Server-Side Request Forgery in private-ip
Critical
CVE-2020-28360
was published
for
private-ip
(npm)
Apr 13, 2021
Server-side Request Forgery (SSRF) via img tags in reportlab
Moderate
CVE-2020-28463
was published
for
reportlab
(pip)
Mar 29, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21349
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Moderate
CVE-2021-21342
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Moderate
CVE-2018-7667
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
Server-side request forgery in CarrierWave
Moderate
CVE-2021-21288
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Axios vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-28168
was published
for
axios
(npm)
Jan 4, 2021
Authenticated Server Side Request Forgery
Low
GHSA-8pfh-mm2g-hmc3
was published
for
shopware/core
(Composer)
Dec 21, 2020
Server-Side Forgery Request can be activated unmarshalling with XStream
High
CVE-2020-26258
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Server-Side Request Forgery in ftp-srv
High
GHSA-r4m5-47cq-6qg8
was published
for
ftp-srv
(npm)
Sep 4, 2020
Server-Side Request Forgery in html-pdf-chrome
High
GHSA-5p98-wpc9-g498
was published
for
html-pdf-chrome
(npm)
Sep 4, 2020
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8135
was published
for
@uppy/companion
(npm)
Sep 3, 2020
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8205
was published
for
@uppy/companion
(npm)
Aug 13, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
Server-Side Request Forgery in unoconv
High
CVE-2019-17400
was published
for
unoconv
(pip)
Oct 24, 2019
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
ProTip!
Advisories are also available from the
GraphQL API