Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,951
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

561 advisories

Loading
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side... High Unreviewed
CVE-2025-49852 was published Jun 24, 2025
LangChain Community SSRF vulnerability exists in RequestsToolkit component High
CVE-2025-2828 was published for langchain-community (pip) Jun 23, 2025
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending... High Unreviewed
CVE-2025-23172 was published Jun 19, 2025
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow... High Unreviewed
CVE-2025-30680 was published Jun 17, 2025
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint High
CVE-2025-6087 was published for @opennextjs/cloudflare (npm) Jun 16, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx High
GHSA-68cf-j696-wvv9 was published for org.geoserver:gs-wfs (Maven) Jun 10, 2025
felixmaechtle nils-loose
Credited to felixmaechtle and nils-loose
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
Credited to jodygarnett and josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
Credited to xbow-security, YacineF, aaime, and jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
Credited to thomsmith, felixmaechtle, davidblasby, nils-loose, jodygarnett, and aaime
maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. High Unreviewed
CVE-2025-45474 was published May 29, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
Credited to neartik and ronanboiteau
SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials... High Unreviewed
CVE-2024-13957 was published May 22, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance... High Unreviewed
CVE-2025-40595 was published May 14, 2025
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. High Unreviewed
CVE-2024-48907 was published May 2, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance... High Unreviewed
CVE-2025-2170 was published Apr 30, 2025
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This... High Unreviewed
CVE-2025-1522 was published Apr 23, 2025
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability.... High Unreviewed
CVE-2025-1521 was published Apr 23, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change... High Unreviewed
CVE-2025-29458 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a... High Unreviewed
CVE-2025-29457 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail... High Unreviewed
CVE-2025-29459 was published Apr 18, 2025
An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the ... High Unreviewed
CVE-2025-29461 was published Apr 18, 2025
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add... High Unreviewed
CVE-2025-29460 was published Apr 18, 2025
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-29451 was published Apr 17, 2025
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the... High Unreviewed
CVE-2025-29452 was published Apr 17, 2025
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
Credited to r0binak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database