Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
CairoSVG improperly processes SVG files loaded from external resources Critical
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at ... Critical Unreviewed
CVE-2024-44721 was published Sep 9, 2024
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding Critical
CVE-2024-24759 was published for mindsdb (pip) Sep 5, 2024
Sim4n6
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6... Critical Unreviewed
CVE-2024-27565 was published Mar 5, 2024
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS... Critical Unreviewed
CVE-2024-27561 was published Mar 5, 2024
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in... Critical Unreviewed
CVE-2024-38109 was published Aug 13, 2024
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7... Critical Unreviewed
CVE-2024-41570 was published Aug 12, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and... Critical Unreviewed
CVE-2024-25294 was published Mar 20, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to... Critical Unreviewed
CVE-2024-40898 was published Jul 18, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 Critical
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021... Critical Unreviewed
CVE-2021-34473 was published May 24, 2022
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen... Critical Unreviewed
CVE-2021-40438 was published May 24, 2022
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via... Critical Unreviewed
CVE-2024-29319 was published Jul 5, 2024
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in... Critical Unreviewed
CVE-2024-33857 was published May 7, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can... Critical Unreviewed
CVE-2023-46295 was published May 1, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a... Critical Unreviewed
CVE-2024-6424 was published Jul 1, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Critical Unreviewed
CVE-2024-36675 was published Jun 5, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex... Critical Unreviewed
CVE-2024-3149 was published Jun 6, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job... Critical Unreviewed
CVE-2023-48022 was published Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API