Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,954
Maven
5,000+
npm
4,606
NuGet
787
pip
4,305
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering High
CVE-2025-67647 was published for @sveltejs/adapter-node (npm) Jan 15, 2026
cold-try teemingc
benmccann d-xuan
Credited to cold-try, teemingc, benmccann, and d-xuan
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter High
CVE-2025-68150 was published for parse-server (npm) Dec 16, 2025
yueyueL mtrezza
rhdesmond
Credited to yueyueL, mtrezza, and rhdesmond
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format High
CVE-2025-64430 was published for parse-server (npm) Nov 5, 2025
jacksonkasi1 mtrezza
Credited to jacksonkasi1 and mtrezza
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
everping GeneralZero
Credited to everping and GeneralZero
Angular SSR has a Server-Side Request Forgery (SSRF) flaw High
CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025
meDavidNS securityMB
hybrist alan-agius4 josephperrott
Credited to meDavidNS, securityMB, hybrist, alan-agius4, and josephperrott
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability High
CVE-2025-59527 was published for flowise (npm) Sep 15, 2025
im-soohyun
Credited to im-soohyun
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Credited to ghostdevv, monizb, alexanderniebuhr, ascorbic, ematipico, and delucis
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability High
CVE-2025-8267 was published for ssrfcheck (npm) Jul 28, 2025
lirantal
Credited to lirantal
private-ip vulnerable to Server-Side Request Forgery High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025
lirantal
Credited to lirantal
OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint High
CVE-2025-6087 was published for @opennextjs/cloudflare (npm) Jun 16, 2025
nossrf Server-Side Request Forgery (SSRF) High
CVE-2025-2691 was published for nossrf (npm) Mar 23, 2025
lirantal
Credited to lirantal
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL High
CVE-2025-27152 was published for axios (npm) Mar 7, 2025
lambdasawa maikelvdh
Credited to lambdasawa and maikelvdh
@lobehub/chat Server Side Request Forgery vulnerability High
CVE-2024-32965 was published for @lobehub/chat (npm) Nov 26, 2024
yyzsec
Credited to yyzsec
Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov
Credited to levpachmanov
Nuxt Icon affected by a Server-Side Request Forgery (SSRF) High
CVE-2024-42352 was published for @nuxt/icon (npm) Aug 5, 2024
OhB00 antfu
Credited to OhB00 and antfu
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024
Strapi Server-Side Request Forgery (SSRF) High
CVE-2024-37818 was published for @strapi/strapi (npm) Jun 20, 2024
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm
Credited to ThisIsMissEm
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Miniflare vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2023-7078 was published for miniflare (npm) Dec 29, 2023
Lekensteyn
Credited to Lekensteyn
SSRF & Credentials Leak High
CVE-2023-49799 was published for nuxt-api-party (npm) Dec 12, 2023
OhB00
Credited to OhB00
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
Credited to Ry0taK, benmccann, dominikg, and Conduitry
RSSHub SSRF vulnerability High
CVE-2023-22493 was published for rsshub (npm) Jan 11, 2023
dwisiswant0
Credited to dwisiswant0
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Server-Side Request Forgery in FUXA High
CVE-2021-45851 was published for @frangoteam/fuxa (npm) Mar 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database