GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
158 advisories
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
High
CVE-2025-65958
was published
for
open-webui
(pip)
Dec 4, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
High
CVE-2025-27152
was published
for
axios
(npm)
Mar 7, 2025
new-api is vulnerable to SSRF Bypass
High
CVE-2025-62155
was published
for
github.com/QuantumNous/new-api
(Go)
Nov 24, 2025
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
High
CVE-2025-64430
was published
for
parse-server
(npm)
Nov 5, 2025
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
High
CVE-2025-59837
was published
for
astro
(npm)
Oct 28, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
High
CVE-2025-6242
was published
for
vllm
(pip)
Oct 7, 2025
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
High
CVE-2025-62427
was published
for
@angular/ssr
(npm)
Oct 16, 2025
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
High
CVE-2025-61784
was published
for
llamafactory
(pip)
Oct 7, 2025
nossrf Server-Side Request Forgery (SSRF)
High
CVE-2025-2691
was published
for
nossrf
(npm)
Mar 23, 2025
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
High
CVE-2025-8267
was published
for
ssrfcheck
(npm)
Jul 28, 2025
Dragonfly vulnerable to server-side request forgery
High
CVE-2025-59346
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
private-ip vulnerable to Server-Side Request Forgery
High
CVE-2025-8020
was published
for
private-ip
(npm)
Jul 23, 2025
Untrusted code execution in Apache XML Graphics Batik
High
CVE-2022-42890
was published
for
org.apache.xmlgraphics:batik
(Maven)
Oct 25, 2022
Apache XML Graphics Batik vulnerable to code execution via SVG.
High
CVE-2022-41704
was published
for
org.apache.xmlgraphics:batik
(Maven)
Oct 25, 2022
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2025-59527
was published
for
flowise
(npm)
Sep 15, 2025
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter
High
CVE-2025-58179
was published
for
@astrojs/cloudflare
(npm)
Sep 4, 2025
XXL-JOB vulnerable to Server-Side Request Forgery
High
CVE-2024-24113
was published
for
com.xuxueli:xxl-job
(Maven)
Feb 8, 2024
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
ProTip!
Advisories are also available from the
GraphQL API