GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8205
was published
for
@uppy/companion
(npm)
Aug 13, 2020
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Server-Side Request Forgery in @uppy/companion
High
CVE-2020-8135
was published
for
@uppy/companion
(npm)
Sep 3, 2020
Server-Side Request Forgery in html-pdf-chrome
High
GHSA-5p98-wpc9-g498
was published
for
html-pdf-chrome
(npm)
Sep 4, 2020
Server-Side Request Forgery in ftp-srv
High
GHSA-r4m5-47cq-6qg8
was published
for
ftp-srv
(npm)
Sep 4, 2020
Axios vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-28168
was published
for
axios
(npm)
Jan 4, 2021
Server-Side Request Forgery in private-ip
Critical
CVE-2020-28360
was published
for
private-ip
(npm)
Apr 13, 2021
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
Server-side request forgery in Ghost CMS
Moderate
CVE-2020-8134
was published
for
ghost
(npm)
May 6, 2021
Server-Side Request Forgery in phantomjs-seo
High
CVE-2020-7739
was published
for
phantomjs-seo
(npm)
May 10, 2021
Server-Side Request Forgery in node-pdf-generator
High
CVE-2020-7740
was published
for
node-pdf-generator
(npm)
May 10, 2021
Server-Side Request Forgery in ssrf-agent
Moderate
CVE-2021-23718
was published
for
ssrf-agent
(npm)
Dec 2, 2021
Server side request forgery in SwaggerUI
Moderate
GHSA-qrmm-w75w-3wpx
was published
for
Swashbuckle.AspNetCore.SwaggerUI
(npm)
Dec 9, 2021
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-0086
was published
for
uppy
(npm)
Jan 6, 2022
Server side request forgery in @isomorphic-git/cors-proxy
High
CVE-2021-23664
was published
for
@isomorphic-git/cors-proxy
(npm)
Jan 26, 2022
Server-Side Request Forgery in @peertube/embed-api
Moderate
CVE-2022-0508
was published
for
@peertube/embed-api
(npm)
Feb 9, 2022
Incorrect Authorization in @uppy/companion
High
CVE-2022-0528
was published
for
@uppy/companion
(npm)
Mar 4, 2022
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
swagger-ui
(npm)
Mar 12, 2022
Server-Side Request Forgery in FUXA
High
CVE-2021-45851
was published
for
@frangoteam/fuxa
(npm)
Mar 17, 2022
Server-Side Request Forgery in kityminder
Critical
CVE-2022-31830
was published
for
kityminder
(npm)
Jun 10, 2022
NocoDB information disclosure vulnerability
High
CVE-2022-2062
was published
for
nocodb
(npm)
Jun 14, 2022
Server-Side Request Forgery in Directus
Moderate
CVE-2022-23080
was published
for
directus
(npm)
Jun 23, 2022
Server-Side Request Forgery in parse-url
Critical
CVE-2022-2216
was published
for
parse-url
(npm)
Jun 28, 2022
ProTip!
Advisories are also available from the
GraphQL API