GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
59 advisories
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
High
CVE-2025-27152
was published
for
axios
(npm)
Mar 7, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
CVE-2024-47066
was published
for
@lobehub/chat
(npm)
Sep 23, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
High
CVE-2024-42352
was published
for
@nuxt/icon
(npm)
Aug 5, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Server Side Request Forgery (SSRF) attack in Fedify
Moderate
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
RSSHub vulnerable to Server-Side Request Forgery
Moderate
CVE-2024-27927
was published
for
rsshub
(npm)
Mar 6, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2023-7078
was published
for
miniflare
(npm)
Dec 29, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Low
CVE-2023-48711
was published
for
google-translate-api-browser
(npm)
Nov 27, 2023
ProTip!
Advisories are also available from the
GraphQL API