GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,503
Composer 5,140
Erlang 40
GitHub Actions 38
Go 2,844
Maven 6,212
npm 4,470
NuGet 779
pip 4,231
Pub 12
RubyGems 974
Rust 1,093
Swift 48

Unreviewed advisories

All unreviewed 286,264

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

874 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API Moderate

CVE-2026-23845 was published for github.com/axllent/mailpit (Go) Jan 21, 2026

Credited to mdisec and omarkurt

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when... Moderate Unreviewed

CVE-2026-1180 was published Jan 20, 2026

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed

CVE-2026-1062 was published Jan 17, 2026

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2025-15104 was published for nu.validator:validator (Maven) Jan 16, 2026

Credited to augustocesarperin

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-14793 was published Jan 16, 2026

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed

CVE-2026-23768 was published Jan 16, 2026

Umbraco CMS contains a server-side request forgery vulnerability Moderate

CVE-2021-47776 was published for UmbracoCms (NuGet) Jan 15, 2026

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed

CVE-2026-0600 was published Jan 15, 2026

Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass Moderate

CVE-2026-22772 was published for github.com/sigstore/fulcio (Go) Jan 13, 2026

Credited to morwn

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed

CVE-2026-20958 was published Jan 13, 2026

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated... Moderate Unreviewed

CVE-2025-65784 was published Jan 13, 2026

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-13393 was published Jan 10, 2026

Ghost has SSRF via External Media Inliner Moderate

CVE-2026-22597 was published for ghost (npm) Jan 8, 2026

Credited to odgrso

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery... Moderate Unreviewed

CVE-2019-25290 was published Jan 8, 2026

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources Moderate

CVE-2026-21885 was published for miniflux.app/v2 (Go) Jan 7, 2026

Credited to eclipse07077-ljw

Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side... Moderate Unreviewed

CVE-2025-49335 was published Jan 7, 2026

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is... Moderate Unreviewed

CVE-2026-0649 was published Jan 7, 2026

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2026-21859 was published for github.com/axllent/mailpit (Go) Jan 6, 2026

Credited to omarkurt

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed

CVE-2025-14438 was published Jan 6, 2026

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API Moderate

CVE-2025-67427 was published for @evershop/evershop (npm) Jan 5, 2026

Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation Moderate

CVE-2025-68437 was published for craftcms/cms (Composer) Jan 5, 2026

Credited to mHe4am

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function... Moderate Unreviewed

CVE-2025-15414 was published Jan 2, 2026

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14627 was published Jan 1, 2026

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper... Moderate Unreviewed

CVE-2025-62088 was published Dec 31, 2025

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request... Moderate Unreviewed

CVE-2025-59138 was published Dec 31, 2025

Previous1…35 Next

Previous 1 2 3 4 5 … 34 35 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

874 advisories