GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
69 advisories
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-59155
was published
for
hackmd-mcp
(npm)
Sep 15, 2025
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
High
GHSA-hr92-4q35-4j3m
was published
for
flowise
(npm)
Sep 15, 2025
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter
High
CVE-2025-58179
was published
for
@astrojs/cloudflare
(npm)
Sep 4, 2025
Next.js Improper Middleware Redirect Handling Leads to SSRF
Moderate
CVE-2025-57822
was published
for
next
(npm)
Aug 29, 2025
request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1
Moderate
CVE-2025-57814
was published
for
request-filtering-agent
(npm)
Aug 25, 2025
webfinger.js Blind SSRF Vulnerability
Moderate
CVE-2025-54590
was published
for
webfinger.js
(npm)
Jul 28, 2025
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
High
CVE-2025-27152
was published
for
axios
(npm)
Mar 7, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
CVE-2024-47066
was published
for
@lobehub/chat
(npm)
Sep 23, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
High
CVE-2024-42352
was published
for
@nuxt/icon
(npm)
Aug 5, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Server Side Request Forgery (SSRF) attack in Fedify
Moderate
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API