Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

402 advisories

Loading
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
A server-side request forgery issue has been discovered in GitLab EE affecting all versions... High Unreviewed
CVE-2024-8635 was published Sep 12, 2024
LiteLLM Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-6587 was published for litellm (pip) Sep 13, 2024
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to... High Unreviewed
CVE-2024-38183 was published Sep 17, 2024
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
GeoNode vulnerable to SSRF Bypass to return internal host data High
CVE-2023-42439 was published for GeoNode (pip) Sep 20, 2023
ImThatT
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side... High Unreviewed
CVE-2024-43989 was published Sep 23, 2024
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module High
CVE-2022-36551 was published for label-studio (pip) Oct 4, 2022
LangChain Server Side Request Forgery vulnerability High
CVE-2023-46229 was published for langchain (pip) Oct 19, 2023
Strapi Server-Side Request Forgery (SSRF) High
CVE-2024-37818 was published for @strapi/strapi (npm) Jun 20, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file High
CVE-2024-45290 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote... High Unreviewed
CVE-2024-47008 was published Oct 8, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17... High Unreviewed
CVE-2024-8977 was published Oct 10, 2024
SSRF attacks via tracebacks in Plone High
CVE-2020-28735 was published for Plone (pip) Apr 7, 2021
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be... High Unreviewed
CVE-2024-46468 was published Oct 11, 2024
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery... High Unreviewed
CVE-2012-10018 was published Oct 16, 2024
Server-Side Request Forgery in Plone High
CVE-2021-33511 was published for Plone (pip) Jun 15, 2021
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9,... High Unreviewed
CVE-2024-45518 was published Oct 22, 2024
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-32407 was published Apr 22, 2024
Server-side Request Forgery (SSRF) via img tags in reportlab High
CVE-2020-28463 was published for reportlab (pip) Mar 29, 2021
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg... High Unreviewed
CVE-2024-48178 was published Oct 28, 2024
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ... High Unreviewed
CVE-2024-48360 was published Oct 31, 2024
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests... High Unreviewed
CVE-2024-51408 was published Nov 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database