Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,152
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Dragonfly vulnerable to server-side request forgery High
CVE-2025-59346 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
gaius-qi
Mattermost Server SSRF Vulnerability via the Agents Plugin Low
CVE-2025-47700 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Grafana Infinity Datasource Plugin SSRF Vulnerability Moderate
CVE-2025-8341 was published for github.com/grafana/grafana-infinity-datasource (Go) Aug 4, 2025
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens High
CVE-2025-52477 was published for github.com/octo-sts/app (Go) Jun 26, 2025
vicevirus cpanato
mgreau eslerm
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
Memos Server-Side Request Forgery (SSRF) Moderate
CVE-2025-22952 was published for github.com/usememos/memos (Go) Feb 27, 2025
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Benasin
benaubin
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
S7evinK
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
imgproxy is vulnerable to Server-Side Request Forgery Moderate
CVE-2023-30019 was published for github.com/imgproxy/imgproxy/v3 (Go) May 8, 2023
Withdrawn Advisory: Access control issues in blackbox_exporter High
CVE-2023-26735 was published for github.com/prometheus/blackbox_exporter (Go) Apr 26, 2023 withdrawn
request-baskets vulnerable to Server-Side Request Forgery Moderate
CVE-2023-27163 was published for github.com/darklynx/request-baskets (Go) Mar 31, 2023
Paranoidhttp Server-Side Request Forgery vulnerability High
CVE-2023-24623 was published for github.com/hakobe/paranoidhttp (Go) Jan 30, 2023
KubeVela VelaUX APIserver has SSRF vulnerability Moderate
CVE-2022-39383 was published for github.com/oam-dev/kubevela (Go) Nov 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database