Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

887 advisories

Loading
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function... Moderate Unreviewed
CVE-2026-1884 was published Feb 5, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server... Moderate Unreviewed
CVE-2026-24961 was published Feb 3, 2026
NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality Moderate
CVE-2026-24767 was published for nocodb (npm) Jan 28, 2026
kolega-ai-dev
Credited to kolega-ai-dev
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36944 was published Jan 28, 2026
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF) Moderate
GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026
nnfrog
Credited to nnfrog
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2026-0746 was published Jan 27, 2026
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,... Moderate Unreviewed
CVE-2025-9522 was published Jan 26, 2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows... Moderate Unreviewed
CVE-2026-24548 was published Jan 23, 2026
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL Moderate
CVE-2026-24117 was published for github.com/sigstore/rekor (Go) Jan 22, 2026
1seal
Credited to 1seal
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side... Moderate Unreviewed
CVE-2026-24381 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2026-24360 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical... Moderate Unreviewed
CVE-2026-22358 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows... Moderate Unreviewed
CVE-2025-67961 was published Jan 22, 2026
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API Moderate
CVE-2026-23845 was published for github.com/axllent/mailpit (Go) Jan 21, 2026
mdisec omarkurt
Credited to mdisec and omarkurt
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF) Moderate
CVE-2026-1180 was published for org.keycloak:keycloak-adapter-core (Maven) Jan 20, 2026
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed
CVE-2026-1062 was published Jan 17, 2026
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-15104 was published for nu.validator:validator (Maven) Jan 16, 2026
augustocesarperin
Credited to augustocesarperin
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-14793 was published Jan 16, 2026
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed
CVE-2026-23768 was published Jan 16, 2026
Umbraco CMS contains a server-side request forgery vulnerability Moderate
CVE-2021-47776 was published for UmbracoCms (NuGet) Jan 15, 2026
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed
CVE-2026-0600 was published Jan 15, 2026
Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass Moderate
CVE-2026-22772 was published for github.com/sigstore/fulcio (Go) Jan 13, 2026
morwn
Credited to morwn
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed
CVE-2026-20958 was published Jan 13, 2026
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated... Moderate Unreviewed
CVE-2025-65784 was published Jan 13, 2026
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-13393 was published Jan 10, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database