GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
337 advisories
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because...
High | Unreviewed | CVE-2023-6199 was published Nov 21, 2023

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can...
High | Unreviewed | CVE-2024-42168 was published Jan 11, 2025

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance...
High | Unreviewed | CVE-2025-40595 was published May 14, 2025

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High | Unreviewed | CVE-2024-1812 was published Apr 9, 2024

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
High | Unreviewed | CVE-2024-48907 was published May 2, 2025

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance...
High | Unreviewed | CVE-2025-2170 was published Apr 30, 2025

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This...
High | Unreviewed | CVE-2025-1522 was published Apr 23, 2025

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability....
High | Unreviewed | CVE-2025-1521 was published Apr 23, 2025

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail...
High | Unreviewed | CVE-2025-29459 was published Apr 18, 2025

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change...
High | Unreviewed | CVE-2025-29458 was published Apr 18, 2025

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a...
High | Unreviewed | CVE-2025-29457 was published Apr 18, 2025

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add...
High | Unreviewed | CVE-2025-29460 was published Apr 18, 2025

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might...
High | Unreviewed | CVE-2017-9355 was published May 17, 2022

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading...
High | Unreviewed | CVE-2017-9066 was published May 14, 2022

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote...
High | Unreviewed | CVE-2015-7570 was published May 14, 2022

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen...
High | Unreviewed | CVE-2017-7272 was published May 14, 2022

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
High | Unreviewed | CVE-2017-7566 was published May 17, 2022

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System...
High | Unreviewed | CVE-2016-9417 was published May 17, 2022

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server...
High | Unreviewed | CVE-2016-7999 was published May 17, 2022

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the...
High | Unreviewed | CVE-2025-29451 was published Apr 17, 2025

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the...
High | Unreviewed | CVE-2025-29452 was published Apr 17, 2025

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the ...
High | Unreviewed | CVE-2025-29461 was published Apr 18, 2025

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated...
High | Unreviewed | CVE-2025-3572 was published Apr 14, 2025

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2...
High | Unreviewed | CVE-2016-6483 was published May 17, 2022

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers...
High | Unreviewed | CVE-2022-25026 was published Jan 13, 2023