Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

282 advisories

Loading
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Server-Side Request Forgery in terriajs-server High
GHSA-p72p-rjr2-r439 was published for terriajs-server (npm) May 29, 2019
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
High severity vulnerability that affects DotNetNuke.Core High
CVE-2017-0929 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
Server Side Request Forgery in svgSalamander High
CVE-2017-5617 was published for com.kitfox.svg:svg-salamander (Maven) Oct 19, 2018
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core High
CVE-2017-3164 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Server-Side Request Forgery in html-pdf-chrome High
GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm) Sep 4, 2020
westy92
RSSHub SSRF vulnerability High
CVE-2023-22493 was published for rsshub (npm) Jan 11, 2023
dwisiswant0
paperclip Server-Side Request Forgery vulnerability Critical
CVE-2017-0889 was published for paperclip (RubyGems) Jan 22, 2018
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
Server side request forgery in C1 CMS High
CVE-2022-24789 was published for C1CMS.Assemblies (NuGet) Mar 30, 2022
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Server-Side Request Forgery (SSRF) in Shopware High
CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022
shyim
Server-Side Request Forgery in Jenkins Git Plugin Moderate
CVE-2018-1000182 was published for org.jenkins-ci.plugins:git (Maven) May 14, 2022
Server-Side Request Forgery in charm Critical
CVE-2022-29180 was published for github.com/charmbracelet/charm (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API