GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,424 advisories
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
High
GHSA-2p76-gc46-5fvc
was published
for
org.geonetwork-opensource:gn-web-app
(Maven)
Jun 10, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
Coverage REST API Server Side Request Forgery
Moderate
CVE-2024-40625
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical
CVE-2024-34711
was published
for
org.geoserver.main:gs-main
(Maven)
Jun 10, 2025
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
High
CVE-2024-29198
was published
for
org.geoserver.web:gs-app
(Maven)
Jun 10, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
High
CVE-2025-48383
was published
for
django-select2
(pip)
May 27, 2025
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
ProTip!
Advisories are also available from the
GraphQL API