GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,844
Maven: 5,000+
npm: 4,470
NuGet: 779
pip: 4,231
Pub: 12
RubyGems: 974
Rust: 1,093
Swift: 48
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,338 advisories
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when...
Moderate | Unreviewed | CVE-2026-1180 was published Jan 20, 2026
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the...
Moderate | Unreviewed | CVE-2026-1062 was published Jan 17, 2026
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Low | Unreviewed | CVE-2026-0682 was published Jan 17, 2026
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request...
Moderate | Unreviewed | CVE-2025-14793 was published Jan 16, 2026
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to...
Moderate | Unreviewed | CVE-2026-23768 was published Jan 16, 2026
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0...
Moderate | Unreviewed | CVE-2026-0600 was published Jan 15, 2026
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918...
High | Unreviewed | CVE-2026-0532 was published Jan 14, 2026
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High | Unreviewed | CVE-2025-14613 was published Jan 14, 2026
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker...
Moderate | Unreviewed | CVE-2026-20958 was published Jan 13, 2026
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet...
Low | Unreviewed | CVE-2025-67685 was published Jan 13, 2026
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated...
Moderate | Unreviewed | CVE-2025-65784 was published Jan 13, 2026
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request...
Moderate | Unreviewed | CVE-2025-13393 was published Jan 10, 2026
Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows...
Critical | Unreviewed | CVE-2025-22726 was published Jan 8, 2026
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery...
Moderate | Unreviewed | CVE-2019-25290 was published Jan 8, 2026
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side...
Moderate | Unreviewed | CVE-2025-49335 was published Jan 7, 2026
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is...
Moderate | Unreviewed | CVE-2026-0649 was published Jan 7, 2026
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery...
Moderate | Unreviewed | CVE-2025-14438 was published Jan 6, 2026
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function...
Moderate | Unreviewed | CVE-2025-15414 was published Jan 2, 2026
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14627 was published Jan 1, 2026
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper...
Moderate | Unreviewed | CVE-2025-62088 was published Dec 31, 2025
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request...
Moderate | Unreviewed | CVE-2025-59138 was published Dec 31, 2025
A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function...
Moderate | Unreviewed | CVE-2025-15373 was published Dec 31, 2025
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the...
Moderate | Unreviewed | CVE-2025-15264 was published Dec 30, 2025
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side...
Moderate | Unreviewed | CVE-2025-69014 was published Dec 30, 2025
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server...
Critical | Unreviewed | CVE-2024-25181 was published Dec 29, 2025
ProTip! Advisories are also available from the GraphQL API.