GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

380 advisories

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
Credited to bpsizemore and UNC1739
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
Credited to larskemper
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low
CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025
Credited to im-soohyun
Angular SSR has a Server-Side Request Forgery (SSRF) flaw High
CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025
Credited to meDavidNS, securityMB, jkrems, alan-agius4, and josephperrott
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL Moderate
CVE-2024-8955 was published for composio-core (pip) Mar 20, 2025
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
Credited to d3do-23, kexinoh, and lonelyuan
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability High
CVE-2025-61735 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Ray has arbitrary code execution via jobs submission API Critical
CVE-2023-48022 was published for ray (pip) Nov 28, 2023
Credited to JLLeitschuh
nossrf Server-Side Request Forgery (SSRF) High
CVE-2025-2691 was published for nossrf (npm) Mar 23, 2025
Credited to lirantal
cors-anywhere vulnerable to server-side request forgery Critical
CVE-2020-36851 was published for cors-anywhere (npm) Sep 25, 2025
Dragonfly vulnerable to server-side request forgery High
CVE-2025-59346 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
Credited to gaius-qi
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
Credited to lirantal
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Credited to AndrzejBiernacki2010
Apache Batik vulnerable to Server-Side Request Forgery Moderate
CVE-2022-38648 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Credited to AndrzejBiernacki2010
Apache Batik Server-Side Request Forgery Moderate
CVE-2022-38398 was published for org.apache.xmlgraphics:batik (Maven) Sep 23, 2022
Credited to AndrzejBiernacki2010
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
Credited to AndrzejBiernacki2010
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
CVE-2025-59527 was published for flowise (npm) Sep 15, 2025
Credited to im-soohyun
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark Moderate
CVE-2025-9862 was published for ghost (npm) Sep 15, 2025
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-59155 was published for hackmd-mcp (npm) Sep 15, 2025
Credited to yuna0x0
XXL-JOB is vulnerable to SSRF attacks Low
CVE-2025-7787 was published for com.xuxueli:xxl-job-core (Maven) Jul 18, 2025
MLFlow SSRF via gateway_proxy_handler Moderate
CVE-2025-52967 was published for mlflow (pip) Jun 23, 2025
Credited to steffenkyhn-git
Next.js Improper Middleware Redirect Handling Leads to SSRF Moderate
CVE-2025-57822 was published for next (npm) Aug 29, 2025
Credited to medikoo and prdngr