Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

205 advisories

Loading
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api... Critical Unreviewed
CVE-2025-44594 was published Sep 9, 2025
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with... Critical Unreviewed
CVE-2025-27217 was published Aug 21, 2025
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password... Critical Unreviewed
CVE-2025-50251 was published Aug 13, 2025
Azure OpenAI Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53767 was published Aug 7, 2025
Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of... Critical Unreviewed
CVE-2025-52362 was published Jul 21, 2025
zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl... Critical Unreviewed
CVE-2025-45872 was published Jul 1, 2025
The does not validate a parameter before making a request to it, which could allow... Critical Unreviewed
CVE-2024-4399 was published May 23, 2024
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection')... Critical Unreviewed
CVE-2024-47208 was published Nov 18, 2024
The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. Critical Unreviewed
CVE-2024-6584 was published May 15, 2025
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed
CVE-2021-31531 was published May 24, 2022
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Critical Unreviewed
CVE-2019-3905 was published May 14, 2022
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed
CVE-2025-4967 was published May 29, 2025
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this... Critical Unreviewed
CVE-2025-36560 was published May 19, 2025
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. Critical Unreviewed
CVE-2025-45887 was published May 9, 2025
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to... Critical Unreviewed
CVE-2025-47733 was published May 9, 2025
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing... Critical Unreviewed
CVE-2025-29972 was published May 9, 2025
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when... Critical Unreviewed
CVE-2022-35508 was published Dec 4, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed
CVE-2025-27652 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed
CVE-2025-27651 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed
CVE-2025-27655 was published Mar 5, 2025
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input... Critical Unreviewed
CVE-2023-23560 was published Jan 23, 2023
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input... Critical Unreviewed
CVE-2021-21985 was published May 24, 2022
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Critical Unreviewed
CVE-2025-28091 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection... Critical Unreviewed
CVE-2025-28090 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled... Critical Unreviewed
CVE-2025-28089 was published Mar 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database