Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

371 advisories

Loading
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF Moderate
CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) Oct 24, 2023
thomsmith remsio-syn
us3r777 mprins
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload High
CVE-2023-46124 was published for ethyca-fides (pip) Oct 24, 2023
grmpyninja
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
LangChain Server Side Request Forgery vulnerability High
CVE-2023-46229 was published for langchain (pip) Oct 19, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite Critical
CVE-2023-5572 was published for @vrite/sdk (npm) Oct 13, 2023
Magento Open Source allows Server-Side Request Forgery (SSRF) Moderate
CVE-2023-26366 was published for magento/community-edition (Composer) Oct 13, 2023
Presto JDBC Server-Side Request Forgery by nextUri High
GHSA-86q5-qcjc-7pv4 was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
Presto JDBC Server-Side Request Forgery by redirect High
GHSA-xm7x-f3w2-4hjm was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
TorchServe Server-Side Request Forgery vulnerability Critical
CVE-2023-43654 was published for torchserve (pip) Oct 2, 2023
GeoNode vulnerable to SSRF Bypass to return internal host data High
CVE-2023-42439 was published for GeoNode (pip) Sep 20, 2023
ImThatT
WireMock Controlled Server Side Request Forgery vulnerability through URL Moderate
CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) Sep 6, 2023
W0rty oleg-nenashev
Mahoney tomakehurst
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials High
CVE-2023-41937 was published for io.jenkins.plugins:bitbucket-push-and-pull-request (Maven) Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Apache Superset Server Side Request Forgery vulnerability Moderate
CVE-2023-36388 was published for apache-superset (pip) Sep 6, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
Apache XML Graphics Batik Server-Side Request Forgery vulnerability High
CVE-2022-44729 was published for org.apache.xmlgraphics:batik-bridge (Maven) Aug 22, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload High
CVE-2023-40033 was published for flarum/core (Composer) Aug 16, 2023
OpenRefine Server-Side Request Forgery vulnerability Moderate
CVE-2022-41401 was published for org.openrefine:main (Maven) Aug 4, 2023
Apache Superset Server-Side Request Forgery vulnerability Moderate
CVE-2023-25504 was published for apache-superset (pip) Jul 6, 2023
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF) Moderate
CVE-2023-23684 was published for wp-graphql/wp-graphql (Composer) Jun 30, 2023
PlantUML Server-Side Request Forgery vulnerability High
CVE-2023-3432 was published for net.sourceforge.plantuml:plantuml (Maven) Jun 27, 2023
mitchelkuijpers
Moodle vulnerable to Server Side Request Forgery High
CVE-2023-35133 was published for moodle/moodle (Composer) Jun 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database