Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,652 advisories

Loading
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2025-8084 was published Nov 18, 2025
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12376 was published Nov 18, 2025
The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind... Moderate Unreviewed
CVE-2025-11427 was published Nov 18, 2025
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed
CVE-2025-12962 was published Nov 18, 2025
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this... Moderate Unreviewed
CVE-2025-13174 was published Nov 14, 2025
A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This... Moderate Unreviewed
CVE-2025-9805 was published Nov 14, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass Moderate
CVE-2025-64525 was published for astro (npm) Nov 13, 2025
cold-try delucis
Credited to cold-try and delucis
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a... Moderate Unreviewed
CVE-2025-52186 was published Nov 13, 2025
If kdcproxy receives a request for a realm which does not have server addresses defined in its... High Unreviewed
CVE-2025-59088 was published Nov 12, 2025
Soft Serve is vulnerable to SSRF through its Webhooks Critical
CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer... High Unreviewed
CVE-2025-60541 was published Nov 6, 2025
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server... Moderate Unreviewed
CVE-2025-12560 was published Nov 6, 2025
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format High
CVE-2025-64430 was published for parse-server (npm) Nov 5, 2025
jacksonkasi1 mtrezza
Credited to jacksonkasi1 and mtrezza
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12388 was published Nov 5, 2025
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed
CVE-2025-11917 was published Nov 5, 2025
Jellysweep uses uncontrolled data in image cache API endpoint High
CVE-2025-64178 was published for github.com/jon4hz/jellysweep (Go) Nov 4, 2025
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization... Moderate Unreviewed
CVE-2025-60319 was published Oct 30, 2025
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri... Moderate Unreviewed
CVE-2025-60898 was published Oct 29, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
everping GeneralZero
Credited to everping and GeneralZero
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed
CVE-2025-36085 was published Oct 28, 2025
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side... High Unreviewed
CVE-2025-10145 was published Oct 28, 2025
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed
CVE-2025-62988 was published Oct 27, 2025
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-10861 was published Oct 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database