Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
new-api is vulnerable to SSRF Bypass High
CVE-2025-62155 was published for github.com/QuantumNous/new-api (Go) Nov 24, 2025
h3rrr Calcium-Ion
Credited to h3rrr and Calcium-Ion
Soft Serve is vulnerable to SSRF through its Webhooks Critical
CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
Jellysweep uses uncontrolled data in image cache API endpoint High
CVE-2025-64178 was published for github.com/jon4hz/jellysweep (Go) Nov 4, 2025
Dragonfly vulnerable to server-side request forgery High
CVE-2025-59346 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Mattermost Server SSRF Vulnerability via the Agents Plugin Low
CVE-2025-47700 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Grafana Infinity Datasource Plugin SSRF Vulnerability Moderate
CVE-2025-8341 was published for github.com/grafana/grafana-infinity-datasource (Go) Aug 4, 2025
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens High
CVE-2025-52477 was published for github.com/octo-sts/app (Go) Jun 26, 2025
vicevirus cpanato
mgreau eslerm
Credited to vicevirus, cpanato, mgreau, and eslerm
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
Credited to r0binak
Memos Server-Side Request Forgery (SSRF) Moderate
CVE-2025-22952 was published for github.com/usememos/memos (Go) Feb 27, 2025
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
Credited to chebuya
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Benasin
benaubin
Credited to phannguyenlong, Benasin, and benaubin
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
S7evinK
Credited to S7evinK
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
Credited to abankalarm
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Credited to TrixterTheTux and matthewpi
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Credited to dejanzelic
imgproxy is vulnerable to Server-Side Request Forgery Moderate
CVE-2023-30019 was published for github.com/imgproxy/imgproxy/v3 (Go) May 8, 2023
Withdrawn Advisory: Access control issues in blackbox_exporter High
CVE-2023-26735 was published for github.com/prometheus/blackbox_exporter (Go) Apr 26, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database