GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Critical
CVE-2023-48910
was published
for
io.github.microcks:microcks
(Maven)
Dec 4, 2023
libtaxii Server-Side Request Forgery vulnerability
Critical
CVE-2020-27197
was published
for
libtaxii
(pip)
Apr 30, 2021
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Critical
CVE-2024-24759
was published
for
mindsdb
(pip)
Sep 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Critical
CVE-2024-28752
was published
for
org.apache.cxf:cxf-core
(Maven)
Mar 15, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Critical
CVE-2023-50731
was published
for
mindsdb
(pip)
Dec 15, 2023
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25738
was published
for
vufind/vufind
(Composer)
May 22, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
Moodle Blind SSRF Risk in /badges/mybackpack.php
Critical
CVE-2019-3809
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
Critical
CVE-2022-45152
was published
for
moodle/moodle
(Composer)
Nov 25, 2022
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Critical
CVE-2021-27312
was published
for
gleez/cms
(Composer)
Apr 3, 2024
Whoogle Search Path Traversal vulnerability
Critical
CVE-2024-22203
was published
for
whoogle-search
(pip)
Mar 14, 2024
Whoogle Search Server-Side Request Forgery vulnerability
Critical
CVE-2024-22205
was published
for
whoogle-search
(pip)
Mar 14, 2024
Server-Side Request Forgery (SSRF) in rudloff/alltube
Critical
CVE-2022-0768
was published
for
rudloff/alltube
(Composer)
Mar 1, 2022
MLflow Server-Side Request Forgery (SSRF)
Critical
CVE-2023-6974
was published
for
mlflow
(pip)
Dec 20, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
TorchServe Server-Side Request Forgery vulnerability
Critical
CVE-2023-43654
was published
for
torchserve
(pip)
Oct 2, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Critical
CVE-2023-46502
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 31, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite
Critical
CVE-2023-5572
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
Critical
CVE-2019-10686
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Apr 18, 2019
ProTip!
Advisories are also available from the
GraphQL API