Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

510 advisories

Loading
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can... High Unreviewed
CVE-2024-42168 was published Jan 11, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance... High Unreviewed
CVE-2025-40595 was published May 14, 2025
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2024-1812 was published Apr 9, 2024
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. High Unreviewed
CVE-2024-48907 was published May 2, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance... High Unreviewed
CVE-2025-2170 was published Apr 30, 2025
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This... High Unreviewed
CVE-2025-1522 was published Apr 23, 2025
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability.... High Unreviewed
CVE-2025-1521 was published Apr 23, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change... High Unreviewed
CVE-2025-29458 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail... High Unreviewed
CVE-2025-29459 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a... High Unreviewed
CVE-2025-29457 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add... High Unreviewed
CVE-2025-29460 was published Apr 18, 2025
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
phpMyAdmin server-side request forgery (SSRF) High
CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might... High Unreviewed
CVE-2017-9355 was published May 17, 2022
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading... High Unreviewed
CVE-2017-9066 was published May 14, 2022
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote... High Unreviewed
CVE-2015-7570 was published May 14, 2022
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen... High Unreviewed
CVE-2017-7272 was published May 14, 2022
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. High Unreviewed
CVE-2017-7566 was published May 17, 2022
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System... High Unreviewed
CVE-2016-9417 was published May 17, 2022
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server... High Unreviewed
CVE-2016-7999 was published May 17, 2022
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-29451 was published Apr 17, 2025
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-29452 was published Apr 17, 2025
An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the ... High Unreviewed
CVE-2025-29461 was published Apr 18, 2025
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-3572 was published Apr 14, 2025
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2... High Unreviewed
CVE-2016-6483 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database