GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
894 advisories
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Moderate | CVE-2026-25765 was published for faraday (RubyGems) | Feb 9, 2026

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Moderate | CVE-2026-25528 was published for langsmith (npm) | Feb 9, 2026

Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
Moderate | CVE-2026-25494 was published for craftcms/cms (Composer) | Feb 9, 2026

Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect
Moderate | CVE-2026-25493 was published for craftcms/cms (Composer) | Feb 9, 2026

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Moderate | CVE-2026-25492 was published for craftcms/craft (Composer) | Feb 9, 2026

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request...
Moderate | Unreviewed | CVE-2026-0632 was published | Feb 9, 2026

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive...
Moderate | Unreviewed | CVE-2026-25904 was published | Feb 9, 2026

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-1884 was published | Feb 5, 2026

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server...
Moderate | Unreviewed | CVE-2026-24961 was published | Feb 3, 2026

NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
Moderate | CVE-2026-24767 was published for nocodb (npm) | Jan 28, 2026

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that...
Moderate | Unreviewed | CVE-2020-36944 was published | Jan 28, 2026

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Moderate | GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) | Jan 28, 2026

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions...
Moderate | Unreviewed | CVE-2026-0746 was published | Jan 27, 2026

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,...
Moderate | Unreviewed | CVE-2025-9522 was published | Jan 26, 2026

Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows...
Moderate | Unreviewed | CVE-2026-24548 was published | Jan 23, 2026

Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Moderate | CVE-2026-24117 was published for github.com/sigstore/rekor (Go) | Jan 22, 2026

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side...
Moderate | Unreviewed | CVE-2026-24381 was published | Jan 22, 2026

Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting...
Moderate | Unreviewed | CVE-2026-24360 was published | Jan 22, 2026

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical...
Moderate | Unreviewed | CVE-2026-22358 was published | Jan 22, 2026

Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows...
Moderate | Unreviewed | CVE-2025-67961 was published | Jan 22, 2026

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Moderate | CVE-2026-23845 was published for github.com/axllent/mailpit (Go) | Jan 21, 2026

Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
Moderate | CVE-2026-1180 was published for org.keycloak:keycloak-adapter-core (Maven) | Jan 20, 2026

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the...
Moderate | Unreviewed | CVE-2026-1062 was published | Jan 17, 2026

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Moderate | CVE-2025-15104 was published for nu.validator:validator (Maven) | Jan 16, 2026

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request...
Moderate | Unreviewed | CVE-2025-14793 was published | Jan 16, 2026