GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,503
Composer 5,140
Erlang 40
GitHub Actions 38
Go 2,844
Maven 6,212
npm 4,470
NuGet 779
pip 4,231
Pub 12
RubyGems 974
Rust 1,093
Swift 48

Unreviewed advisories

All unreviewed 286,263

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

874 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API Moderate

CVE-2026-23845 was published for github.com/axllent/mailpit (Go) Jan 21, 2026

Credited to mdisec and omarkurt

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2026-21859 was published for github.com/axllent/mailpit (Go) Jan 6, 2026

Credited to omarkurt

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper... Moderate Unreviewed

CVE-2025-62088 was published Dec 31, 2025

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request... Moderate Unreviewed

CVE-2025-59138 was published Dec 31, 2025

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows... Moderate Unreviewed

CVE-2025-68893 was published Dec 29, 2025

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when... Moderate Unreviewed

CVE-2026-1180 was published Jan 20, 2026

Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core... Moderate Unreviewed

CVE-2025-63010 was published Dec 9, 2025

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side... Moderate Unreviewed

CVE-2025-69014 was published Dec 30, 2025

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed

CVE-2025-49917 was published Oct 22, 2025

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side... Moderate Unreviewed

CVE-2025-67989 was published Dec 16, 2025

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed

CVE-2025-62988 was published Oct 27, 2025

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed

CVE-2025-49374 was published Oct 22, 2025

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed

CVE-2026-1062 was published Jan 17, 2026

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2025-15104 was published for nu.validator:validator (Maven) Jan 16, 2026

Credited to augustocesarperin

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed

CVE-2026-23768 was published Jan 16, 2026

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-14793 was published Jan 16, 2026

Umbraco CMS contains a server-side request forgery vulnerability Moderate

CVE-2021-47776 was published for UmbracoCms (NuGet) Jan 15, 2026

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed

CVE-2026-0600 was published Jan 15, 2026

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated... Moderate Unreviewed

CVE-2025-65784 was published Jan 13, 2026

Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification Moderate

CVE-2025-34469 was published for cowrie (pip) Dec 20, 2025

Credited to filippolauria, mcastellaneta, and claudiopo82

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that... Moderate Unreviewed

CVE-2025-7622 was published Aug 12, 2025

Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass Moderate

CVE-2026-22772 was published for github.com/sigstore/fulcio (Go) Jan 13, 2026

Credited to morwn

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed

CVE-2026-20958 was published Jan 13, 2026

Ghost has SSRF via External Media Inliner Moderate

CVE-2026-22597 was published for ghost (npm) Jan 8, 2026

Credited to odgrso

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-13393 was published Jan 10, 2026

Previous1…35 Next

Previous 1 2 3 4 5 … 34 35 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

874 advisories