GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
196 advisories
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this...
Critical | Unreviewed | CVE-2025-36560 was published May 19, 2025
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
Critical | Unreviewed | CVE-2025-45887 was published May 9, 2025
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2025-47733 was published May 9, 2025
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing...
Critical | Unreviewed | CVE-2025-29972 was published May 9, 2025
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when...
Critical | Unreviewed | CVE-2022-35508 was published Dec 4, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014...
Critical | Unreviewed | CVE-2025-27651 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014...
Critical | Unreviewed | CVE-2025-27652 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014...
Critical | Unreviewed | CVE-2025-27655 was published Mar 5, 2025
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
Critical | Unreviewed | CVE-2023-23560 was published Jan 23, 2023
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input...
Critical | Unreviewed | CVE-2021-21985 was published May 24, 2022
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
Critical | Unreviewed | CVE-2025-28091 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection...
Critical | Unreviewed | CVE-2025-28090 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled...
Critical | Unreviewed | CVE-2025-28089 was published Mar 29, 2025
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an...
Critical | Unreviewed | CVE-2024-44677 was published Sep 10, 2024
Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the...
Critical | Unreviewed | CVE-2024-48590 was published Mar 20, 2025
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API...
Critical | Unreviewed | CVE-2024-9309 was published Mar 20, 2025
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the...
Critical | Unreviewed | CVE-2022-35583 was published Aug 23, 2022
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a...
Critical | Unreviewed | CVE-2024-25864 was published Apr 3, 2024
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ...
Critical | Unreviewed | CVE-2025-25785 was published Mar 5, 2025
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server...
Critical | Unreviewed | CVE-2024-6980 was published Jul 31, 2024
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1...
Critical | Unreviewed | CVE-2021-27561 was published May 24, 2022
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to...
Critical | Unreviewed | CVE-2021-27103 was published May 24, 2022
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x...
Critical | Unreviewed | CVE-2021-22986 was published May 24, 2022
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due...
Critical | Unreviewed | CVE-2024-54819 was published Jan 7, 2025
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API...
Critical | Unreviewed | CVE-2024-10044 was published Dec 30, 2024
ProTip! Advisories are also available from the GraphQL API.