GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
663 advisories
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an...
Moderate | Unreviewed | CVE-2025-1848 was published | Mar 3, 2025

Memos Server-Side Request Forgery (SSRF)
Moderate | CVE-2025-22952 was published for github.com/usememos/memos (Go) | Feb 27, 2025

Magento Open Source allows Server-Side Request Forgery (SSRF)
Moderate | CVE-2023-29291 was published for magento/community-edition (Composer) | Jun 15, 2023

Magento Open Source allows Server-Side Request Forgery (SSRF)
Moderate | CVE-2023-29292 was published for magento/community-edition (Composer) | Jun 15, 2023

Magento Open Source allows Server-Side Request Forgery (SSRF)
Moderate | CVE-2023-26366 was published for magento/community-edition (Composer) | Oct 13, 2023

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table...
Moderate | Unreviewed | CVE-2024-1855 was published | May 23, 2024

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate | CVE-2024-45291 was published for phpoffice/phpexcel (Composer) | Oct 7, 2024

A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows...
Moderate | Unreviewed | CVE-2025-25827 was published | Mar 6, 2025

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request...
Moderate | Unreviewed | CVE-2024-13904 was published | Mar 7, 2025

The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server...
Moderate | Unreviewed | CVE-2024-13857 was published | Mar 7, 2025

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If...
Moderate | Unreviewed | CVE-2024-53696 was published | Mar 7, 2025

The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request...
Moderate | Unreviewed | CVE-2024-13924 was published | Mar 8, 2025

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media...
Moderate | Unreviewed | CVE-2025-2116 was published | Mar 9, 2025

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This...
Moderate | Unreviewed | CVE-2025-2192 was published | Mar 11, 2025

Rembg allows SSRF via /api/remove
Moderate | CVE-2025-25301 was published for rembg (pip) | Mar 11, 2025

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin...
Moderate | Unreviewed | CVE-2024-13838 was published | Mar 12, 2025

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the...
Moderate | Unreviewed | CVE-2024-28668 was published | Mar 13, 2024

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform...
Moderate | Unreviewed | CVE-2024-45206 was published | Dec 4, 2024

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a...
Moderate | Unreviewed | CVE-2025-22474 was published | Mar 17, 2025

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This...
Moderate | Unreviewed | CVE-2024-49822 was published | Mar 18, 2025

A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows...
Moderate | Unreviewed | CVE-2024-27564 was published | Mar 5, 2024

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant...
Moderate | Unreviewed | CVE-2024-10457 was published | Mar 20, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0....
Moderate | Unreviewed | CVE-2024-12779 was published | Mar 20, 2025

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The...
Moderate | Unreviewed | CVE-2024-11822 was published | Mar 20, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version...
Moderate | Unreviewed | CVE-2024-12392 was published | Mar 20, 2025