Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,957
Maven
5,000+
npm
4,607
NuGet
787
pip
4,306
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering High
CVE-2025-67647 was published for @sveltejs/adapter-node (npm) Jan 15, 2026
cold-try teemingc
benmccann d-xuan
Credited to cold-try, teemingc, benmccann, and d-xuan
Angular SSR has a Server-Side Request Forgery (SSRF) flaw High
CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025
meDavidNS securityMB
hybrist alan-agius4 josephperrott
Credited to meDavidNS, securityMB, hybrist, alan-agius4, and josephperrott
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter High
CVE-2025-68150 was published for parse-server (npm) Dec 16, 2025
yueyueL mtrezza
rhdesmond
Credited to yueyueL, mtrezza, and rhdesmond
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-0086 was published for @uppy/companion (npm) Jan 6, 2022
Haxatron
Credited to Haxatron
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa maikelvdh
Credited to lambdasawa and maikelvdh
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format High
CVE-2025-64430 was published for parse-server (npm) Nov 5, 2025
jacksonkasi1 mtrezza
Credited to jacksonkasi1 and mtrezza
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
everping GeneralZero
Credited to everping and GeneralZero
nossrf Server-Side Request Forgery (SSRF) High
CVE-2025-2691 was published for nossrf (npm) Mar 23, 2025
lirantal
Credited to lirantal
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability High
CVE-2025-8267 was published for ssrfcheck (npm) Jul 28, 2025
lirantal
Credited to lirantal
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
lirantal
Credited to lirantal
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
CVE-2025-59527 was published for flowise (npm) Sep 15, 2025
im-soohyun
Credited to im-soohyun
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Credited to ghostdevv, monizb, alexanderniebuhr, ascorbic, ematipico, and delucis
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint High
CVE-2025-6087 was published for @opennextjs/cloudflare (npm) Jun 16, 2025
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm
Credited to ThisIsMissEm
@lobehub/chat Server Side Request Forgery vulnerability High
CVE-2024-32965 was published for @lobehub/chat (npm) Nov 26, 2024
yyzsec
Credited to yyzsec
Strapi Server-Side Request Forgery (SSRF) High
CVE-2024-37818 was published for @strapi/strapi (npm) Jun 20, 2024
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024
Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov
Credited to levpachmanov
Nuxt Icon affected by a Server-Side Request Forgery (SSRF) High
CVE-2024-42352 was published for @nuxt/icon (npm) Aug 5, 2024
OhB00 antfu
Credited to OhB00 and antfu
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Server-Side Request Forgery in ftp-srv High
GHSA-r4m5-47cq-6qg8 was published for ftp-srv (npm) Sep 4, 2020
shermdog
Credited to shermdog
Miniflare vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2023-7078 was published for miniflare (npm) Dec 29, 2023
Lekensteyn
Credited to Lekensteyn
SSRF & Credentials Leak High
CVE-2023-49799 was published for nuxt-api-party (npm) Dec 12, 2023
OhB00
Credited to OhB00
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database