Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,957
Maven
5,000+
npm
4,607
NuGet
788
pip
4,307
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

717 advisories

Loading
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its... Moderate Unreviewed
CVE-2026-25870 was published Feb 11, 2026
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to... Moderate Unreviewed
CVE-2026-21512 was published Feb 10, 2026
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2026-0632 was published Feb 9, 2026
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive... Moderate Unreviewed
CVE-2026-25904 was published Feb 9, 2026
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary... Moderate Unreviewed
CVE-2025-27232 was published Dec 1, 2025
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function... Moderate Unreviewed
CVE-2026-1884 was published Feb 5, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server... Moderate Unreviewed
CVE-2026-24961 was published Feb 3, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows... Moderate Unreviewed
CVE-2025-67961 was published Jan 22, 2026
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36944 was published Jan 28, 2026
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2026-0746 was published Jan 27, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical... Moderate Unreviewed
CVE-2026-22358 was published Jan 22, 2026
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,... Moderate Unreviewed
CVE-2025-9522 was published Jan 26, 2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows... Moderate Unreviewed
CVE-2026-24548 was published Jan 23, 2026
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2026-24360 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side... Moderate Unreviewed
CVE-2026-24381 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request... Moderate Unreviewed
CVE-2025-59138 was published Dec 31, 2025
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper... Moderate Unreviewed
CVE-2025-62088 was published Dec 31, 2025
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows... Moderate Unreviewed
CVE-2025-68893 was published Dec 29, 2025
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core... Moderate Unreviewed
CVE-2025-63010 was published Dec 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side... Moderate Unreviewed
CVE-2025-69014 was published Dec 30, 2025
Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed
CVE-2025-49917 was published Oct 22, 2025
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side... Moderate Unreviewed
CVE-2025-67989 was published Dec 16, 2025
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed
CVE-2025-62988 was published Oct 27, 2025
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed
CVE-2025-49374 was published Oct 22, 2025
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed
CVE-2026-1062 was published Jan 17, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database