Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

714 advisories

Loading
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive... Moderate Unreviewed
CVE-2026-25904 was published Feb 9, 2026
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function... Moderate Unreviewed
CVE-2026-1884 was published Feb 5, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server... Moderate Unreviewed
CVE-2026-24961 was published Feb 3, 2026
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36944 was published Jan 28, 2026
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2026-0746 was published Jan 27, 2026
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,... Moderate Unreviewed
CVE-2025-9522 was published Jan 26, 2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows... Moderate Unreviewed
CVE-2026-24548 was published Jan 23, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side... Moderate Unreviewed
CVE-2026-24381 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2026-24360 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical... Moderate Unreviewed
CVE-2026-22358 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows... Moderate Unreviewed
CVE-2025-67961 was published Jan 22, 2026
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed
CVE-2026-1062 was published Jan 17, 2026
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-14793 was published Jan 16, 2026
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed
CVE-2026-23768 was published Jan 16, 2026
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed
CVE-2026-0600 was published Jan 15, 2026
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed
CVE-2026-20958 was published Jan 13, 2026
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated... Moderate Unreviewed
CVE-2025-65784 was published Jan 13, 2026
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-13393 was published Jan 10, 2026
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery... Moderate Unreviewed
CVE-2019-25290 was published Jan 8, 2026
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side... Moderate Unreviewed
CVE-2025-49335 was published Jan 7, 2026
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is... Moderate Unreviewed
CVE-2026-0649 was published Jan 7, 2026
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed
CVE-2025-14438 was published Jan 6, 2026
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function... Moderate Unreviewed
CVE-2025-15414 was published Jan 2, 2026
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14627 was published Jan 1, 2026
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request... Moderate Unreviewed
CVE-2025-59138 was published Dec 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database