GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,895
Composer 4,779
Erlang 36
GitHub Actions 29
Go 2,338
Maven 5,642
npm 3,972
NuGet 714
pip 3,769
Pub 12
RubyGems 923
Rust 976
Swift 38

Unreviewed advisories

All unreviewed 259,809

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

198 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. Critical Unreviewed

CVE-2024-6584 was published May 15, 2025

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed

CVE-2021-31531 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Critical Unreviewed

CVE-2019-3905 was published May 14, 2022

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed

CVE-2025-4967 was published May 29, 2025

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this... Critical Unreviewed

CVE-2025-36560 was published May 19, 2025

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. Critical Unreviewed

CVE-2025-45887 was published May 9, 2025

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to... Critical Unreviewed

CVE-2025-47733 was published May 9, 2025

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing... Critical Unreviewed

CVE-2025-29972 was published May 9, 2025

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when... Critical Unreviewed

CVE-2022-35508 was published Dec 4, 2022

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27655 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27652 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed

CVE-2025-27651 was published Mar 5, 2025

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input... Critical Unreviewed

CVE-2023-23560 was published Jan 23, 2023

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input... Critical Unreviewed

CVE-2021-21985 was published May 24, 2022

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Critical Unreviewed

CVE-2025-28091 was published Mar 29, 2025

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection... Critical Unreviewed

CVE-2025-28090 was published Mar 29, 2025

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled... Critical Unreviewed

CVE-2025-28089 was published Mar 29, 2025

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed

CVE-2024-44677 was published Sep 10, 2024

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the... Critical Unreviewed

CVE-2024-48590 was published Mar 20, 2025

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API... Critical Unreviewed

CVE-2024-9309 was published Mar 20, 2025

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the... Critical Unreviewed

CVE-2022-35583 was published Aug 23, 2022

Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a... Critical Unreviewed

CVE-2024-25864 was published Apr 3, 2024

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ... Critical Unreviewed

CVE-2025-25785 was published Mar 5, 2025

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server... Critical Unreviewed

CVE-2024-6980 was published Jul 31, 2024

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1... Critical Unreviewed

CVE-2021-27561 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

198 advisories