Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

798 advisories

Loading
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of... High Unreviewed
CVE-2021-3552 was published Nov 25, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability... Critical Unreviewed
CVE-2021-22049 was published Nov 25, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36327 was published Dec 1, 2021
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. High Unreviewed
CVE-2021-43296 was published Dec 1, 2021
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow... Moderate Unreviewed
CVE-2021-29863 was published Dec 2, 2021
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted... High Unreviewed
CVE-2021-40809 was published Dec 2, 2021
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Critical Unreviewed
CVE-2021-40091 was published Dec 7, 2021
An information disclosure via GET request server-side request forgery vulnerability was... Moderate Unreviewed
CVE-2021-37940 was published Dec 8, 2021
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery ... High Unreviewed
CVE-2021-39057 was published Dec 14, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14... High Unreviewed
CVE-2021-39935 was published Dec 14, 2021
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows)... Moderate Unreviewed
CVE-2021-34425 was published Dec 15, 2021
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of... High Unreviewed
CVE-2021-3959 was published Dec 17, 2021
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0... High Unreviewed
CVE-2021-22054 was published Dec 18, 2021
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3... High Unreviewed
CVE-2021-22056 was published Dec 21, 2021
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to... Critical Unreviewed
CVE-2021-44659 was published Dec 23, 2021
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when... Moderate Unreviewed
CVE-2022-22702 was published Jan 11, 2022
peertube is vulnerable to Server-Side Request Forgery (SSRF) High Unreviewed
CVE-2022-0132 was published Jan 11, 2022
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview... Moderate Unreviewed
CVE-2021-41809 was published Jan 19, 2022
Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between... Moderate Unreviewed
CVE-2021-39927 was published Jan 19, 2022
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery... Moderate Unreviewed
CVE-2021-36349 was published Jan 25, 2022
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow... High Unreviewed
CVE-2022-22993 was published Jan 29, 2022
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station... High Unreviewed
CVE-2021-22821 was published Jan 29, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,... Critical Unreviewed
CVE-2021-42637 was published Feb 9, 2022
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a... Low Unreviewed
CVE-2021-25939 was published Feb 10, 2022
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request... High Unreviewed
CVE-2022-24129 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API