GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Northern.tech Hosted Mender before 2024.07.11 allows SSRF.
Low
Unreviewed
CVE-2024-47190
was published
Nov 8, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and...
Low
Unreviewed
CVE-2024-45843
was published
Sep 26, 2024
Authenticated Blind SSRF in automad/automad
Low
CVE-2023-7037
was published
for
automad/automad
(Composer)
Dec 21, 2023
Trufflehog vulnerable to Blind SSRF in some Detectors
Low
CVE-2024-43379
was published
for
github.com/trufflesecurity/trufflehog/v3
(Go)
Aug 19, 2024
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted...
Low
Unreviewed
CVE-2024-26476
was published
Feb 29, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
langchain Server-Side Request Forgery vulnerability
Low
CVE-2024-0243
was published
for
langchain
(pip)
Feb 26, 2024
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Low
Unreviewed
CVE-2024-0628
was published
Feb 7, 2024
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP...
Low
Unreviewed
CVE-2023-26442
was published
Aug 2, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use...
Low
Unreviewed
CVE-2023-26438
was published
Aug 2, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Low
CVE-2023-48711
was published
for
google-translate-api-browser
(npm)
Nov 27, 2023
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as...
Low
Unreviewed
CVE-2023-3121
was published
Jun 6, 2023
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.
Low
Unreviewed
CVE-2023-4624
was published
Aug 30, 2023
Artifact Hub allows unsafe rego built-in
Low
CVE-2023-45822
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a...
Low
Unreviewed
CVE-2021-25939
was published
Feb 10, 2022
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18...
Low
Unreviewed
CVE-2022-1722
was published
May 17, 2022
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high...
Low
Unreviewed
CVE-2022-2556
was published
Aug 29, 2022
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw...
Low
Unreviewed
CVE-2020-14328
was published
May 24, 2022
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is...
Low
Unreviewed
CVE-2020-4787
was published
May 24, 2022
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from...
Low
Unreviewed
CVE-2016-6001
was published
May 17, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low
CVE-2020-13788
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
Authenticated Server Side Request Forgery
Low
GHSA-8pfh-mm2g-hmc3
was published
for
shopware/core
(Composer)
Dec 21, 2020
ProTip!
Advisories are also available from the
GraphQL API