Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed
CVE-2025-29446 was published Apr 21, 2025
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint Low
CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) Mar 27, 2025
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center)... Low Unreviewed
CVE-2025-27430 was published Mar 11, 2025
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input... Low Unreviewed
CVE-2024-52606 was published Feb 11, 2025
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to... Low Unreviewed
CVE-2023-6195 was published Jan 31, 2025
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Low Unreviewed
CVE-2024-13450 was published Jan 25, 2025
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. ... Low Unreviewed
CVE-2024-42182 was published Jan 23, 2025
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou pjfanning
Northern.tech Hosted Mender before 2024.07.11 allows SSRF. Low Unreviewed
CVE-2024-47190 was published Nov 8, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and... Low Unreviewed
CVE-2024-45843 was published Sep 26, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit... Low Unreviewed
CVE-2023-45705 was published Mar 28, 2024
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted... Low Unreviewed
CVE-2024-26476 was published Feb 29, 2024
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath levpachmanov
dotboris iFreilicht
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2024-0628 was published Feb 7, 2024
Authenticated Blind SSRF in automad/automad Low
CVE-2023-7037 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability Low
CVE-2023-48711 was published for google-translate-api-browser (npm) Nov 27, 2023
PinkDraconian
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Low Unreviewed
CVE-2023-4624 was published Aug 30, 2023
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP... Low Unreviewed
CVE-2023-26442 was published Aug 2, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use... Low Unreviewed
CVE-2023-26438 was published Aug 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database