Explore CVEs related to SSRF vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SSRF CVEs published in 2021. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-44659 | Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests | 9.8 | 2.52% | 2021-12-22 | 2026-06-17 |
| CVE-2021-22056 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | 7.5 | 1.56% | 2021-12-20 | 2026-06-16 |
| CVE-2021-22054 KEV | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | 7.5 | 97.71% | 2021-12-17 | 2026-06-16 |
| CVE-2021-3959 | A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | 6.8 | 1.69% | 2021-12-16 | 2026-06-17 |
| CVE-2021-34425 | The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | 4.7 | 0.93% | 2021-12-14 | 2026-06-16 |
| CVE-2021-39057 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | 8.1 | 0.49% | 2021-12-13 | 2026-06-17 |
| CVE-2021-39935 KEV | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | 6.8 | 35.65% | 2021-12-13 | 2026-06-17 |
| CVE-2021-20042 | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 9.8 | 2.66% | 2021-12-08 | 2026-06-16 |
| CVE-2021-37940 | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | 6.8 | 0.85% | 2021-12-07 | 2026-06-17 |
| CVE-2021-4075 | snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | 7.2 | 0.89% | 2021-12-06 | 2026-06-17 |
| CVE-2021-40091 | An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | 9.8 | 1.06% | 2021-12-06 | 2026-06-17 |
| CVE-2021-29863 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. | 4.3 | 0.49% | 2021-12-01 | 2026-06-16 |
| CVE-2021-40809 | An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. | 8.8 | 1.43% | 2021-11-30 | 2026-06-17 |
| CVE-2021-36327 | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | 5.3 | 1.01% | 2021-11-30 | 2026-06-16 |
| CVE-2021-43296 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. | 7.5 | 2.62% | 2021-11-30 | 2026-06-17 |
| CVE-2021-22049 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | 9.8 | 1.67% | 2021-11-24 | 2026-06-16 |
| CVE-2021-43780 | Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests li | 6.8 | 1.00% | 2021-11-24 | 2026-06-17 |
| CVE-2021-3553 | A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | 5.3 | 1.28% | 2021-11-24 | 2026-06-17 |
| CVE-2021-3552 | A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. | 5.3 | 1.37% | 2021-11-24 | 2026-06-17 |
| CVE-2021-23718 | The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. | 6.5 | 1.56% | 2021-11-22 | 2026-06-16 |