GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,590
Composer 4,706
Erlang 34
GitHub Actions 28
Go 2,292
Maven 5,573
npm 3,942
NuGet 708
pip 3,711
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,535

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

196 advisories

Filter by severity

Sort by

Least recently updated

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this... Critical Unreviewed

CVE-2025-36560 was published May 19, 2025

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. Critical Unreviewed

CVE-2025-45887 was published May 9, 2025

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing... Critical Unreviewed

CVE-2025-29972 was published May 9, 2025

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to... Critical Unreviewed

CVE-2025-47733 was published May 9, 2025

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection... Critical Unreviewed

CVE-2025-28090 was published Mar 29, 2025

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Critical Unreviewed

CVE-2025-28091 was published Mar 29, 2025

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled... Critical Unreviewed

CVE-2025-28089 was published Mar 29, 2025

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the... Critical Unreviewed

CVE-2024-48590 was published Mar 20, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API... Critical Unreviewed

CVE-2024-9309 was published Mar 20, 2025

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ... Critical Unreviewed

CVE-2025-25785 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27651 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27652 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27655 was published Mar 5, 2025

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due... Critical Unreviewed

CVE-2024-54819 was published Jan 7, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API... Critical Unreviewed

CVE-2024-10044 was published Dec 30, 2024

Adobe Document Service allows an attacker with administrator privileges to send a crafted request... Critical Unreviewed

CVE-2024-47578 was published Dec 10, 2024

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability... Critical Unreviewed

CVE-2024-48874 was published Dec 6, 2024

Oxide control plane software before 5 allows SSRF. Critical Unreviewed

CVE-2023-50913 was published Dec 5, 2024

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3.... Critical Unreviewed

CVE-2024-38645 was published Nov 22, 2024

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection')... Critical Unreviewed

CVE-2024-47208 was published Nov 18, 2024

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-51358 was published Nov 6, 2024

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via... Critical Unreviewed

CVE-2024-47222 was published Sep 23, 2024

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed

CVE-2024-44677 was published Sep 10, 2024

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at ... Critical Unreviewed

CVE-2024-44721 was published Sep 9, 2024

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in... Critical Unreviewed

CVE-2024-38109 was published Aug 13, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

196 advisories