Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

112 advisories

Loading
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
gradio Server Side Request Forgery vulnerability Moderate
CVE-2024-48052 was published for gradio (pip) Nov 5, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join Moderate
CVE-2024-47167 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-45119 was published for magento/community-edition (Composer) Oct 10, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP Moderate
GHSA-vx3h-qwqw-r2wq was published for inventree (pip) Oct 2, 2024
febin0x10 SchrodingersGat
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Moderate
CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024
a1loy
Directus vulnerable to SSRF Loopback IP filter bypass Moderate
CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
r3dpower
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Potential access to sensitive URLs via CKAN extensions (SSRF) Moderate
CVE-2024-43371 was published for ckan (pip) Aug 21, 2024
ThrawnCA senzee1984
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Directus Blind SSRF On File Import Moderate
CVE-2024-39699 was published for @directus/api (npm) Jul 8, 2024
dmitrii-zalmanov
Server Side Request Forgery (SSRF) attack in Fedify Moderate
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
ShopXO Server-Side Request Forgery Vulnerability Moderate
CVE-2024-6524 was published for shopxo/shopxo (Composer) Jul 5, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-34111 was published for magento/community-edition (Composer) Jun 13, 2024
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever Moderate
CVE-2024-3095 was published for langchain-community (pip) Jun 6, 2024
eyurtsev
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
Mautic: MST-48 Server-Side Request Forgery in Asset section Moderate
CVE-2022-25777 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
ProTip! Advisories are also available from the GraphQL API