Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify Moderate
CVE-2025-23221 was published for @fedify/fedify (npm) Jan 21, 2025
nnfrog
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join Moderate
CVE-2024-47167 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
S7evinK
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou pjfanning
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-45119 was published for magento/community-edition (Composer) Oct 10, 2024
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
@lobehub/chat Server Side Request Forgery vulnerability High
CVE-2024-32965 was published for @lobehub/chat (npm) Nov 26, 2024
yyzsec
Server-Side Request Forgery in Plone CMS High
CVE-2021-33926 was published for Plone (pip) Feb 17, 2023
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 High
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
Server-Side Request Forgery in mindsdb Moderate
CVE-2023-49795 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections Moderate
CVE-2023-47116 was published for label-studio (pip) Jan 31, 2024
alex-elttam isacaya
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
Server-Side Request Forgery in unoconv High
CVE-2019-17400 was published for unoconv (pip) Oct 24, 2019
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding High
CVE-2024-24759 was published for mindsdb (pip) Sep 5, 2024
Sim4n6
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Low
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
Server Side Request Forgery (SSRF) attack in Fedify Moderate
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
CairoSVG improperly processes SVG files loaded from external resources High
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database