Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,415 advisories

Loading
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending... Moderate Unreviewed
CVE-2025-0539 was published Apr 10, 2025
Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side... Moderate Unreviewed
CVE-2025-32675 was published Apr 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows... Moderate Unreviewed
CVE-2025-32691 was published Apr 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request... Moderate Unreviewed
CVE-2025-32487 was published Apr 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side... Moderate Unreviewed
CVE-2025-31009 was published Apr 9, 2025
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.... Moderate Unreviewed
CVE-2025-3411 was published Apr 8, 2025
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308.... Moderate Unreviewed
CVE-2025-3412 was published Apr 8, 2025
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in... Moderate Unreviewed
CVE-2025-32358 was published Apr 5, 2025
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical.... Moderate Unreviewed
CVE-2025-3254 was published Apr 4, 2025
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an... Moderate Unreviewed
CVE-2025-2243 was published Apr 4, 2025
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update... Moderate Unreviewed
CVE-2025-2245 was published Apr 4, 2025
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function High
CVE-2025-3192 was published for spatie/browsershot (Composer) Apr 4, 2025
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server... Moderate Unreviewed
CVE-2025-31824 was published Apr 1, 2025
Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for... Moderate Unreviewed
CVE-2025-31796 was published Apr 1, 2025
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding Moderate
CVE-2025-31116 was published for mobsf (pip) Mar 31, 2025
Sim4n6
A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical.... Moderate Unreviewed
CVE-2025-2997 was published Mar 31, 2025
Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side... Moderate Unreviewed
CVE-2025-31527 was published Mar 31, 2025
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. Moderate Unreviewed
CVE-2025-28096 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled... Critical Unreviewed
CVE-2025-28089 was published Mar 29, 2025
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Critical Unreviewed
CVE-2025-28091 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection... Critical Unreviewed
CVE-2025-28090 was published Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database