Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,695
Maven
5,000+
npm
4,321
NuGet
761
pip
4,098
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

32 advisories

Loading
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9799 was published Dec 2, 2025
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13872 was published Dec 2, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery ... Low Unreviewed
CVE-2025-31993 was published Oct 12, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59437 was published Sep 16, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59436 was published Sep 16, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request... Low Unreviewed
CVE-2025-54234 was published Aug 18, 2025
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery... Low Unreviewed
CVE-2025-8013 was published Aug 15, 2025
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an... Low Unreviewed
CVE-2025-42988 was published Jun 10, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed
CVE-2025-29446 was published Apr 21, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit... Low Unreviewed
CVE-2023-45705 was published Mar 28, 2024
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center)... Low Unreviewed
CVE-2025-27430 was published Mar 11, 2025
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input... Low Unreviewed
CVE-2024-52606 was published Feb 11, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to... Low Unreviewed
CVE-2023-6195 was published Jan 31, 2025
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Low Unreviewed
CVE-2024-13450 was published Jan 25, 2025
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. ... Low Unreviewed
CVE-2024-42182 was published Jan 23, 2025
Northern.tech Hosted Mender before 2024.07.11 allows SSRF. Low Unreviewed
CVE-2024-47190 was published Nov 8, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and... Low Unreviewed
CVE-2024-45843 was published Sep 26, 2024
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted... Low Unreviewed
CVE-2024-26476 was published Feb 29, 2024
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2024-0628 was published Feb 7, 2024
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP... Low Unreviewed
CVE-2023-26442 was published Aug 2, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use... Low Unreviewed
CVE-2023-26438 was published Aug 2, 2023
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as... Low Unreviewed
CVE-2023-3121 was published Jun 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database