GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,100 advisories

Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
Server-Side Request Forgery in yoast_seo Moderate
CVE-2021-31779 was published for yoast-seo-for-typo3/yoast_seo (Composer) May 21, 2021
Authorization service vulnerable to DDos attacks in Apache CFX High
CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) May 13, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server High
CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven) May 13, 2021
Server-Side Request Forgery in node-pdf-generator High
CVE-2020-7740 was published for node-pdf-generator (npm) May 10, 2021
Server-Side Request Forgery in phantomjs-seo High
CVE-2020-7739 was published for phantomjs-seo (npm) May 10, 2021
Server-Side Request Forgery in Apache Solr High
CVE-2021-27905 was published for org.apache.solr:solr-parent (Maven) May 10, 2021
Server-Side Request Forgery in Spinnaker Orca High
CVE-2020-9298 was published for com.netflix.spinnaker.orca:orca-core (Maven) May 7, 2021
Server-side request forgery in Ghost CMS Moderate
CVE-2020-8134 was published for ghost (npm) May 6, 2021
libtaxii Server-Side Request Forgery vulnerability Critical
CVE-2020-27197 was published for libtaxii (pip) Apr 30, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
SSRF attacks via tracebacks in Plone High
CVE-2020-28735 was published for Plone (pip) Apr 7, 2021
Server-side Request Forgery (SSRF) via img tags in reportlab Moderate
CVE-2020-28463 was published for reportlab (pip) Mar 29, 2021
SSRF in Rendertron Moderate
CVE-2020-8902 was published for rendertron (npm) Mar 1, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
Server-side request forgery in CarrierWave Moderate
CVE-2021-21288 was published for carrierwave (RubyGems) Feb 8, 2021
chadwilken phosphore
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020