Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,297
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

332 advisories

Loading
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library Critical
CVE-2022-45152 was published for moodle/moodle (Composer) Nov 25, 2022
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
phpMyAdmin server-side request forgery (SSRF) High
CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function High
CVE-2025-3192 was published for spatie/browsershot (Composer) Apr 4, 2025
Apache CXF: SSRF vulnerability via WADL stylesheet parameter High
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
yusuke-koyoshi
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload Moderate
CVE-2025-28092 was published for shopxo/shopxo (Composer) Mar 29, 2025
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa maikelvdh
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint Low
CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) Mar 27, 2025
nossrf Server-Side Request Forgery (SSRF) High
CVE-2025-2691 was published for nossrf (npm) Mar 23, 2025
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Open WebUI has SSRF in /openai/models High
CVE-2024-7959 was published for open-webui (pip) Mar 20, 2025
FastChat Server-Side Request Forgery vulnerability High
CVE-2024-12376 was published for fschat (pip) Mar 20, 2025
FastChat Server-Side Request Forgery vulnerability High
CVE-2024-11603 was published for fschat (pip) Mar 20, 2025
composio Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-8952 was published for composio-core (pip) Mar 20, 2025
Undertow client not checking server identity presented by server certificate in https connections Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023
fawind
Rembg allows SSRF via /api/remove Moderate
CVE-2025-25301 was published for rembg (pip) Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database