GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,714
Erlang: 34
GitHub Actions: 28
Go: 2,297
Maven: 5,000+
npm: 3,942
NuGet: 708
pip: 3,711
Pub: 12
RubyGems: 920
Rust: 959
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,061 advisories
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with...
High | Unreviewed | CVE-2024-4469 was published May 31, 2024
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because...
High | Unreviewed | CVE-2023-6199 was published Nov 21, 2023
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this...
Critical | Unreviewed | CVE-2025-36560 was published May 19, 2025
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can...
High | Unreviewed | CVE-2024-42168 was published Jan 11, 2025
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from...
Moderate | Unreviewed | CVE-2024-4260 was published Jul 23, 2024
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance...
High | Unreviewed | CVE-2025-40595 was published May 14, 2025
The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before...
Moderate | Unreviewed | CVE-2024-10903 was published Dec 26, 2024
The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Moderate | Unreviewed | CVE-2024-13940 was published May 14, 2025
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
Critical | Unreviewed | CVE-2025-45887 was published May 9, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
Low | Unreviewed | CVE-2025-29446 was published Apr 21, 2025
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2025-47733 was published May 9, 2025
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing...
Critical | Unreviewed | CVE-2025-29972 was published May 9, 2025
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role...
Moderate | Unreviewed | CVE-2023-7253 was published Apr 24, 2024
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of...
Moderate | Unreviewed | CVE-2020-17386 was published May 24, 2022
Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server...
Moderate | Unreviewed | CVE-2025-47635 was published May 7, 2025
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request...
Moderate | Unreviewed | CVE-2025-47664 was published May 7, 2025
Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link...
Moderate | Unreviewed | CVE-2025-47548 was published May 7, 2025
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side...
Moderate | Unreviewed | CVE-2025-47464 was published May 7, 2025
Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block...
Moderate | Unreviewed | CVE-2025-47484 was published May 7, 2025
Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image allows Server...
Moderate | Unreviewed | CVE-2025-47483 was published May 7, 2025
MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url...
Moderate | Unreviewed | CVE-2025-45250 was published May 6, 2025
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High | Unreviewed | CVE-2024-1812 was published Apr 9, 2024
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
High | Unreviewed | CVE-2024-48907 was published May 2, 2025
IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF)....
Moderate | Unreviewed | CVE-2024-55910 was published May 2, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance...
High | Unreviewed | CVE-2025-2170 was published Apr 30, 2025
ProTip! Advisories are also available from the GraphQL API.