Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

343 advisories

Loading
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability Moderate
CVE-2025-27817 was published for org.apache.kafka:kafka-clients (Maven) Jun 10, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx High
GHSA-68cf-j696-wvv9 was published for org.geoserver:gs-wfs (Maven) Jun 10, 2025
felixmaechtle nils-loose
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint High
GHSA-2p76-gc46-5fvc was published for org.geonetwork-opensource:gn-web-app (Maven) Jun 10, 2025
jodygarnett josegar74
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service High
CVE-2025-30220 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
xbow-security YacineF
aaime jodygarnett
Coverage REST API Server Side Request Forgery Moderate
CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
trganda jodygarnett
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library Critical
CVE-2022-45152 was published for moodle/moodle (Composer) Nov 25, 2022
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
phpMyAdmin server-side request forgery (SSRF) High
CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Crawl4AI SSRF vulnerability Moderate
CVE-2025-28197 was published for Crawl4AI (pip) Apr 18, 2025
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback Critical
CVE-2025-32013 was published for lnbits (pip) Apr 7, 2025
xbow-security
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF) Moderate
CVE-2025-32372 was published for DotNetNuke.Core (NuGet) Apr 9, 2025
s0nnyWT valadas
david-poindexter
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function High
CVE-2025-3192 was published for spatie/browsershot (Composer) Apr 4, 2025
Apache CXF: SSRF vulnerability via WADL stylesheet parameter High
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
yusuke-koyoshi
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database