GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
73 advisories
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
Low
GHSA-3cpp-fv95-mpr5
was published
for
shopware/core
(Composer)
Oct 21, 2025
Mautic vulnerable to SSRF via webhook function
Low
CVE-2025-9821
was published
for
mautic/core
(Composer)
Sep 3, 2025
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery
Moderate
CVE-2025-8678
was published
for
johnbillion/wp-crontrol
(Composer)
Aug 19, 2025
TYPO3 CMS Webhooks Server Side Request Forgery
Low
CVE-2025-47936
was published
for
typo3/cms-webhooks
(Composer)
May 20, 2025
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpexcel
(Composer)
Oct 7, 2024
Mautic: MST-48 Server-Side Request Forgery in Asset section
Moderate
CVE-2022-25777
was published
for
mautic/core
(Composer)
Apr 12, 2024
Authenticated Blind SSRF in automad/automad
Low
CVE-2023-7037
was published
for
automad/automad
(Composer)
Dec 21, 2023
ProTip!
Advisories are also available from the
GraphQL API