Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
Gleez Cms Server Side Request Forgery (SSRF) vulnerability Critical
CVE-2021-27312 was published for gleez/cms (Composer) Apr 3, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
Whoogle Search Server-Side Request Forgery vulnerability Critical
CVE-2024-22205 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Critical
CVE-2024-22203 was published for whoogle-search (pip) Mar 14, 2024
MLflow Server-Side Request Forgery (SSRF) Critical
CVE-2023-6974 was published for mlflow (pip) Dec 20, 2023
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download Critical
CVE-2023-48910 was published for io.github.microcks:microcks (Maven) Dec 4, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite Critical
CVE-2023-5572 was published for @vrite/sdk (npm) Oct 13, 2023
TorchServe Server-Side Request Forgery vulnerability Critical
CVE-2023-43654 was published for torchserve (pip) Oct 2, 2023
OpenAPI Generator vulnerable to Server-Side Request Forgery Critical
CVE-2023-27162 was published for org.openapitools:openapi-generator-project (Maven) Mar 31, 2023
Ariadne Component Library vulnerable to Server-Side Request Forgery Critical
CVE-2017-20157 was published for arc/web (Composer) Dec 31, 2022
AWS SDK is vulnerable to server-side request forgery (SSRF) Critical
CVE-2022-4725 was published for com.amazonaws:aws-android-sdk-mobile-client (Maven) Dec 27, 2022
Apache CXF Server-Side Request Forgery vulnerability Critical
CVE-2022-46364 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library Critical
CVE-2022-45152 was published for moodle/moodle (Composer) Nov 25, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url Critical
CVE-2022-2900 was published for parse-url (npm) Sep 15, 2022
allanlewis G-Rath
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database