GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
114 advisories
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-15104
was published
for
nu.validator:validator
(Maven)
Jan 16, 2026
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High
CVE-2025-61916
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Jan 5, 2026
PowSyBl Core XML Reader allows XXE and SSRF
Low
CVE-2025-47293
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
High
GHSA-2p76-gc46-5fvc
was published
for
org.geonetwork-opensource:gn-web-app
(Maven)
Jun 10, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
Coverage REST API Server Side Request Forgery
Moderate
CVE-2024-40625
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical
CVE-2024-34711
was published
for
org.geoserver.main:gs-main
(Maven)
Jun 10, 2025
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
High
CVE-2024-29198
was published
for
org.geoserver.web:gs-app
(Maven)
Jun 10, 2025
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
ProTip!
Advisories are also available from the
GraphQL API