GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,950 advisories
AVideo has Unauthenticated SSRF via plugin/Live/test.php
Critical
CVE-2026-33502
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled
Moderate
GHSA-pgx6-7jcq-2qff
was published
for
@pdfme/common
(npm)
Mar 20, 2026
AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy
High
CVE-2026-33480
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
Critical
CVE-2026-33351
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
league/commonmark has an embed extension allowed_domains bypass
Moderate
CVE-2026-33347
was published
for
league/commonmark
(Composer)
Mar 19, 2026
AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources
Moderate
CVE-2026-33294
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation
Moderate
CVE-2026-33237
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
High
CVE-2026-33226
was published
for
budibase
(npm)
Mar 18, 2026
PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
Moderate
CVE-2026-33081
was published
for
github.com/pinchtab/pinchtab
(Go)
Mar 18, 2026
SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
Moderate
CVE-2026-33060
was published
for
@aborruso/ckan-mcp-server
(npm)
Mar 18, 2026
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
High
CVE-2026-33039
was published
for
wwbn/avideo
(Composer)
Mar 17, 2026
ProTip!
Advisories are also available from the
GraphQL API