Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Server-Side Request Forgery in Jenkins Git Plugin Moderate
CVE-2018-1000182 was published for org.jenkins-ci.plugins:git (Maven) May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000606 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 14, 2022
westonsteimel
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery Moderate
CVE-2022-23464 was published for com.nepxion:discovery (Maven) Sep 25, 2022
Keycloak vulnerable to Server-Side Request Forgery Moderate
CVE-2020-10770 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21349 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Server-Side Request Forgery in Apache Kylin Moderate
CVE-2021-27738 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host Moderate
CVE-2021-21342 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Apache Ambari SSRF Vulnerability Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL Moderate
CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) Sep 6, 2023
W0rty oleg-nenashev
Mahoney tomakehurst
OpenRefine Server-Side Request Forgery vulnerability Moderate
CVE-2022-41401 was published for org.openrefine:main (Maven) Aug 4, 2023
Server-Side Request Forgery in Karaf Moderate
CVE-2020-11980 was published for org.apache.karaf.management:org.apache.karaf.management.server (Maven) Feb 10, 2022
Jenkins CAS Plugin Server-Side Request Forgery vulnerability Moderate
CVE-2018-1000188 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 14, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2018-1000185 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 14, 2022
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
Jenkins GitHub Plugin server-side request forgery vulnerability exists Moderate
CVE-2018-1000184 was published for com.coravy.hudson.plugins.github:github (Maven) May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability Moderate
CVE-2018-1999026 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability Moderate
CVE-2018-1000422 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 14, 2022
Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin Moderate
CVE-2018-1999039 was published for org.jenkins-ci.plugins:confluence-publisher (Maven) May 14, 2022
Server-side request forgery vulnerability in Jenkins Mesos Plugin Moderate
CVE-2018-1000421 was published for org.jenkins-ci.plugins:mesos (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database