GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
173 advisories
Filter by severity
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3....
Critical
Unreviewed
CVE-2024-38645
was published
Nov 22, 2024
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection')...
Critical
Unreviewed
CVE-2024-47208
was published
Nov 18, 2024
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-51358
was published
Nov 6, 2024
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via...
Critical
Unreviewed
CVE-2024-47222
was published
Sep 23, 2024
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an...
Critical
Unreviewed
CVE-2024-44677
was published
Sep 10, 2024
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at ...
Critical
Unreviewed
CVE-2024-44721
was published
Sep 9, 2024
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in...
Critical
Unreviewed
CVE-2024-38109
was published
Aug 13, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-41651
was published
Aug 12, 2024
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7...
Critical
Unreviewed
CVE-2024-41570
was published
Aug 12, 2024
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to...
Critical
Unreviewed
CVE-2024-40898
was published
Jul 18, 2024
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via...
Critical
Unreviewed
CVE-2024-29319
was published
Jul 5, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a...
Critical
Unreviewed
CVE-2024-6424
was published
Jul 1, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex...
Critical
Unreviewed
CVE-2024-3149
was published
Jun 6, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Critical
Unreviewed
CVE-2024-36675
was published
Jun 5, 2024
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in...
Critical
Unreviewed
CVE-2024-33857
was published
May 7, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can...
Critical
Unreviewed
CVE-2023-46295
was published
May 1, 2024
A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer...
Critical
Unreviewed
CVE-2024-2796
was published
Apr 18, 2024
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and...
Critical
Unreviewed
CVE-2024-25294
was published
Mar 20, 2024
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS...
Critical
Unreviewed
CVE-2024-27561
was published
Mar 5, 2024
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6...
Critical
Unreviewed
CVE-2024-27565
was published
Mar 5, 2024
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly...
Critical
Unreviewed
CVE-2024-0759
was published
Feb 27, 2024
Attacker, with permission to submit a link or submits a link via POST to be collected that is...
Critical
Unreviewed
CVE-2024-0440
was published
Feb 26, 2024
The inclusion of the web scraper for AnythingLLM means that any user with the proper...
Critical
Unreviewed
CVE-2024-0455
was published
Feb 26, 2024
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via...
Critical
Unreviewed
CVE-2024-23761
was published
Feb 13, 2024
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
Critical
Unreviewed
CVE-2023-40630
was published
Dec 14, 2023
ProTip!
Advisories are also available from the
GraphQL API