Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Moderate
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Apache Axis Improper Input Validation vulnerability High
CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024
ebickle
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF Moderate
CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) Oct 24, 2023
thomsmith remsio-syn
us3r777 mprins
XXL-JOB vulnerable to Server-Side Request Forgery High
CVE-2024-24113 was published for com.xuxueli:xxl-job (Maven) Feb 8, 2024
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials High
CVE-2023-41937 was published for io.jenkins.plugins:bitbucket-push-and-pull-request (Maven) Sep 6, 2023
Jenkins Mattermost Notification Plugin vulnerable to SSRF Moderate
CVE-2019-1003026 was published for org.jenkins-ci.plugins:mattermost (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin Moderate
CVE-2019-1003027 was published for hudson.plugins.octopusdeploy:octopusdeploy (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin Moderate
CVE-2019-1003028 was published for org.jenkins-ci.plugins:jms-messaging (Maven) May 13, 2022
Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF) Moderate
CVE-2019-1003020 was published for org.jenkins-ci.plugins:kanboard (Maven) May 13, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin Moderate
CVE-2018-1999039 was published for org.jenkins-ci.plugins:confluence-publisher (Maven) May 14, 2022
Apache Batik vulnerable to Server-Side Request Forgery High
CVE-2022-40146 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability Moderate
CVE-2018-1999026 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins GitHub Plugin server-side request forgery vulnerability exists Moderate
CVE-2018-1000184 was published for com.coravy.hudson.plugins.github:github (Maven) May 14, 2022
Apache XML Graphics Batik Server-Side Request Forgery vulnerability High
CVE-2022-44729 was published for org.apache.xmlgraphics:batik-bridge (Maven) Aug 22, 2023
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database