GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
18 advisories
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Low
GHSA-3cpp-fv95-mpr5
was published
for
shopware/core
(Composer)
Oct 21, 2025
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module
Low
CVE-2025-62505
was published
for
@lobehub/chat
(npm)
Oct 17, 2025
Mautic vulnerable to SSRF via webhook function
Low
CVE-2025-9821
was published
for
mautic/core
(Composer)
Sep 3, 2025
PowSyBl Core XML Reader allows XXE and SSRF
Low
CVE-2025-47293
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
TYPO3 CMS Webhooks Server Side Request Forgery
Low
CVE-2025-47936
was published
for
typo3/cms-webhooks
(Composer)
May 20, 2025
Server-side Request Forgery (SSRF) in hackney
Low
CVE-2025-1211
was published
for
hackney
(Erlang)
Feb 11, 2025
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors
Low
CVE-2024-43379
was published
for
github.com/trufflesecurity/trufflehog/v3
(Go)
Aug 19, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
Authenticated Blind SSRF in automad/automad
Low
CVE-2023-7037
was published
for
automad/automad
(Composer)
Dec 21, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Low
CVE-2023-48711
was published
for
google-translate-api-browser
(npm)
Nov 27, 2023
Artifact Hub allows unsafe rego built-in
Low
CVE-2023-45822
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
ProTip!
Advisories are also available from the
GraphQL API