Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,844
Maven
5,000+
npm
4,470
NuGet
779
pip
4,231
Pub
12
RubyGems
974
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2026-0682 was published Jan 17, 2026
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet... Low Unreviewed
CVE-2025-67685 was published Jan 13, 2026
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows... Low Unreviewed
CVE-2023-53899 was published Dec 16, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20388 was published Dec 3, 2025
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9799 was published Dec 2, 2025
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13872 was published Dec 2, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low
CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025
im-soohyun
Credited to im-soohyun
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery ... Low Unreviewed
CVE-2025-31993 was published Oct 12, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59436 was published Sep 16, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59437 was published Sep 16, 2025
Mautic vulnerable to SSRF via webhook function Low
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
asesidaa patrykgruszka
kuzmany lukehebe
Credited to asesidaa, patrykgruszka, kuzmany, and lukehebe
Mattermost Server SSRF Vulnerability via the Agents Plugin Low
CVE-2025-47700 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request... Low Unreviewed
CVE-2025-54234 was published Aug 18, 2025
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery... Low Unreviewed
CVE-2025-8013 was published Aug 15, 2025
XXL-JOB is vulnerable to SSRF attacks Low
CVE-2025-7787 was published for com.xuxueli:xxl-job-core (Maven) Jul 18, 2025
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
Credited to AdamKorcz, arthurscchan, rolnico, and olperr1
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an... Low Unreviewed
CVE-2025-42988 was published Jun 10, 2025
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
Credited to bnf
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed
CVE-2025-29446 was published Apr 21, 2025
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint Low
CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) Mar 27, 2025
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center)... Low Unreviewed
CVE-2025-27430 was published Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database