Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,231 advisories

Loading
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to... Moderate Unreviewed
CVE-2024-13695 was published Feb 25, 2025
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is... Moderate Unreviewed
CVE-2025-1043 was published Feb 20, 2025
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows... High Unreviewed
CVE-2025-26494 was published Feb 11, 2025
The web server receives a URL or similar request from an upstream component and retrieves the... High Unreviewed
CVE-2024-37359 was published Feb 20, 2025
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery ... High Unreviewed
CVE-2023-25262 was published Mar 28, 2023
A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This... Moderate Unreviewed
CVE-2025-1447 was published Feb 19, 2025
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13741 was published Feb 18, 2025
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0... High Unreviewed
CVE-2025-20075 was published Feb 18, 2025
The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up... Moderate Unreviewed
CVE-2024-13879 was published Feb 17, 2025
The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive... Moderate Unreviewed
CVE-2024-13834 was published Feb 15, 2025
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint High
CVE-2025-25297 was published for label-studio (pip) Feb 14, 2025
xbow-security
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Apache XML Graphics Batik Server-Side Request Forgery vulnerability High
CVE-2022-44729 was published for org.apache.xmlgraphics:batik-bridge (Maven) Aug 22, 2023
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Apache Superset Server-Side Request Forgery vulnerability Moderate
CVE-2023-25504 was published for apache-superset (pip) Jul 6, 2023
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This... Moderate Unreviewed
CVE-2024-29090 was published Mar 28, 2024
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An... High Unreviewed
CVE-2025-22399 was published Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database