Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

510 advisories

Loading
Dragonfly vulnerable to server-side request forgery High
CVE-2025-59346 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
GHSA-hr92-4q35-4j3m was published for flowise (npm) Sep 15, 2025
im-soohyun
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18... High Unreviewed
CVE-2025-6454 was published Sep 12, 2025
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player allows Server... High Unreviewed
CVE-2025-49430 was published Sep 9, 2025
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser High
CVE-2025-54370 was published for phpoffice/phpspreadsheet (Composer) Aug 25, 2025
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for... High Unreviewed
CVE-2025-7813 was published Aug 23, 2025
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized... High Unreviewed
CVE-2025-54925 was published Aug 20, 2025
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized... High Unreviewed
CVE-2025-54924 was published Aug 20, 2025
Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online... High Unreviewed
CVE-2025-5260 was published Aug 20, 2025
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... High Unreviewed
CVE-2025-53760 was published Aug 12, 2025
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32... High Unreviewed
CVE-2025-25235 was published Aug 12, 2025
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability High
CVE-2025-8267 was published for ssrfcheck (npm) Jul 28, 2025
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux ... High Unreviewed
CVE-2025-52453 was published Jul 25, 2025
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php... High Unreviewed
CVE-2025-36845 was published Jul 21, 2025
CWE-918 Server-Side Request Forgery (SSRF) High Unreviewed
CVE-2025-46385 was published Jul 20, 2025
XXL-JOB vulnerable to Server-Side Request Forgery High
CVE-2024-24113 was published for com.xuxueli:xxl-job (Maven) Feb 8, 2024
achibear
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven) Nov 17, 2022
MarkLee131 achibear
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints High
CVE-2024-9408 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
LangChain Community SSRF vulnerability exists in RequestsToolkit component High
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy... High Unreviewed
CVE-2024-43204 was published Jul 10, 2025
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak... High Unreviewed
CVE-2024-43394 was published Jul 10, 2025
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability... High Unreviewed
CVE-2024-11031 was published Mar 20, 2025
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2025-6851 was published Jul 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database