Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,089 advisories

Loading
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the... High Unreviewed
CVE-2017-16870 was published May 14, 2022
OX App Suite 7.8.4 and earlier allows SSRF. Moderate Unreviewed
CVE-2018-13103 was published May 14, 2022
phpMyAdmin SSRF in replication High
CVE-2017-1000017 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading... High Unreviewed
CVE-2017-9066 was published May 14, 2022
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. Moderate Unreviewed
CVE-2018-20528 was published May 14, 2022
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a... Moderate Unreviewed
CVE-2018-9920 was published May 14, 2022
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to... Moderate Unreviewed
CVE-2018-8801 was published May 14, 2022
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. Critical Unreviewed
CVE-2018-19601 was published May 14, 2022
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers... Moderate Unreviewed
CVE-2018-15516 was published May 14, 2022
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack,... High Unreviewed
CVE-2018-18569 was published May 14, 2022
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api... High Unreviewed
CVE-2018-15657 was published May 14, 2022
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService... Critical Unreviewed
CVE-2019-8982 was published May 14, 2022
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to... High Unreviewed
CVE-2018-15517 was published May 14, 2022
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in... High Unreviewed
CVE-2018-20436 was published May 14, 2022
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9,... Critical Unreviewed
CVE-2018-18843 was published May 14, 2022
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main... High Unreviewed
CVE-2019-5725 was published May 14, 2022
** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML,... Critical Unreviewed
CVE-2018-19047 was published May 14, 2022
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. Moderate Unreviewed
CVE-2018-12609 was published May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
Jspxcms v9.0.0 allows SSRF. Critical Unreviewed
CVE-2018-20596 was published May 14, 2022
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data,... Critical Unreviewed
CVE-2018-18753 was published May 14, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... High Unreviewed
CVE-2018-18646 was published May 14, 2022
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request... Moderate Unreviewed
CVE-2018-19651 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database