GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,089 advisories
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the...
High | Unreviewed | CVE-2017-16870 was published May 14, 2022
OX App Suite 7.8.4 and earlier allows SSRF.
Moderate | Unreviewed | CVE-2018-13103 was published May 14, 2022
phpMyAdmin SSRF in replication
High | CVE-2017-1000017 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle SSRF Vulnerability
High | CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading...
High | Unreviewed | CVE-2017-9066 was published May 14, 2022
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
Moderate | Unreviewed | CVE-2018-20528 was published May 14, 2022
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a...
Moderate | Unreviewed | CVE-2018-9920 was published May 14, 2022
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to...
Moderate | Unreviewed | CVE-2018-8801 was published May 14, 2022
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Critical | Unreviewed | CVE-2018-19601 was published May 14, 2022
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers...
Moderate | Unreviewed | CVE-2018-15516 was published May 14, 2022
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,...
High | Unreviewed | CVE-2018-18569 was published May 14, 2022
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api...
High | Unreviewed | CVE-2018-15657 was published May 14, 2022
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService...
Critical | Unreviewed | CVE-2019-8982 was published May 14, 2022
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to...
High | Unreviewed | CVE-2018-15517 was published May 14, 2022
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in...
High | Unreviewed | CVE-2018-20436 was published May 14, 2022
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9,...
Critical | Unreviewed | CVE-2018-18843 was published May 14, 2022
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main...
High | Unreviewed | CVE-2019-5725 was published May 14, 2022
** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML,...
Critical | Unreviewed | CVE-2018-19047 was published May 14, 2022
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Moderate | Unreviewed | CVE-2018-12609 was published May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
Moderate | CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin
Moderate | CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data,...
Critical | Unreviewed | CVE-2018-18753 was published May 14, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before...
High | Unreviewed | CVE-2018-18646 was published May 14, 2022
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request...
Moderate | Unreviewed | CVE-2018-19651 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.