GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,503
Composer 5,140
Erlang 40
GitHub Actions 38
Go 2,844
Maven 6,212
npm 4,470
NuGet 779
pip 4,231
Pub 12
RubyGems 974
Rust 1,093
Swift 48

Unreviewed advisories

All unreviewed 286,264

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

704 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when... Moderate Unreviewed

CVE-2026-1180 was published Jan 20, 2026

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed

CVE-2026-1062 was published Jan 17, 2026

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-14793 was published Jan 16, 2026

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed

CVE-2026-23768 was published Jan 16, 2026

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed

CVE-2026-0600 was published Jan 15, 2026

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed

CVE-2026-20958 was published Jan 13, 2026

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated... Moderate Unreviewed

CVE-2025-65784 was published Jan 13, 2026

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-13393 was published Jan 10, 2026

Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery... Moderate Unreviewed

CVE-2019-25290 was published Jan 8, 2026

Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side... Moderate Unreviewed

CVE-2025-49335 was published Jan 7, 2026

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is... Moderate Unreviewed

CVE-2026-0649 was published Jan 7, 2026

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed

CVE-2025-14438 was published Jan 6, 2026

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function... Moderate Unreviewed

CVE-2025-15414 was published Jan 2, 2026

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-14627 was published Jan 1, 2026

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper... Moderate Unreviewed

CVE-2025-62088 was published Dec 31, 2025

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request... Moderate Unreviewed

CVE-2025-59138 was published Dec 31, 2025

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function... Moderate Unreviewed

CVE-2025-15373 was published Dec 31, 2025

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the... Moderate Unreviewed

CVE-2025-15264 was published Dec 30, 2025

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side... Moderate Unreviewed

CVE-2025-69014 was published Dec 30, 2025

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows... Moderate Unreviewed

CVE-2025-68893 was published Dec 29, 2025

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function... Moderate Unreviewed

CVE-2025-15098 was published Dec 26, 2025

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management... Moderate Unreviewed

CVE-2019-25251 was published Dec 24, 2025

Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers... Moderate Unreviewed

CVE-2021-47715 was published Dec 23, 2025

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed

CVE-2025-14277 was published Dec 18, 2025

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side... Moderate Unreviewed

CVE-2025-67989 was published Dec 16, 2025

Previous1…29 Next

Previous 1 2 3 4 5 … 28 29 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

704 advisories