GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
graphite.composer.views.send_email vulnerable to SSRF
High
CVE-2017-18638
was published
for
graphite-web
(pip)
Oct 25, 2019
GeoNode vulnerable to SSRF Bypass to return internal host data
High
CVE-2023-42439
was published
for
GeoNode
(pip)
Sep 20, 2023
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-6587
was published
for
litellm
(pip)
Sep 13, 2024
Server-Side Request Forgery in calibreweb
Moderate
CVE-2022-0339
was published
for
calibreweb
(pip)
Feb 1, 2022
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Critical
CVE-2024-24759
was published
for
mindsdb
(pip)
Sep 5, 2024
Potential access to sensitive URLs via CKAN extensions (SSRF)
Moderate
CVE-2024-43371
was published
for
ckan
(pip)
Aug 21, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Critical
CVE-2023-50731
was published
for
mindsdb
(pip)
Dec 15, 2023
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
Moderate
CVE-2024-3095
was published
for
langchain-community
(pip)
Jun 6, 2024
OpenStack Glance Server-Side Request Forgery (SSRF)
Moderate
CVE-2017-7200
was published
for
glance
(pip)
May 17, 2022
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-4642
was published
for
wandb
(pip)
May 16, 2024
•
withdrawn
gradio Server-Side Request Forgery vulnerability
High
CVE-2024-2206
was published
for
gradio
(pip)
Mar 27, 2024
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Moderate
CVE-2024-31215
was published
for
mobsf
(pip)
Apr 4, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
High
CVE-2024-29190
was published
for
mobsfscan
(pip)
Mar 22, 2024
Whoogle Search Server-Side Request Forgery vulnerability
Critical
CVE-2024-22205
was published
for
whoogle-search
(pip)
Mar 14, 2024
Whoogle Search Path Traversal vulnerability
Critical
CVE-2024-22203
was published
for
whoogle-search
(pip)
Mar 14, 2024
langchain Server-Side Request Forgery vulnerability
Low
CVE-2024-0243
was published
for
langchain
(pip)
Feb 26, 2024
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Moderate
CVE-2023-47116
was published
for
label-studio
(pip)
Jan 31, 2024
D-Tale server-side request forgery through Web uploads
High
CVE-2024-21642
was published
for
dtale
(pip)
Jan 5, 2024
MLflow Server-Side Request Forgery (SSRF)
Critical
CVE-2023-6974
was published
for
mlflow
(pip)
Dec 20, 2023
Server-Side Request Forgery in mindsdb
Moderate
CVE-2023-49795
was published
for
mindsdb
(pip)
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API