GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
517 advisories
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up...
Moderate (Unreviewed). CVE-2024-1978 was published on Feb 29, 2024.
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation
Moderate. CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) on Jan 16, 2025.
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation
Moderate. CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) on Jan 16, 2025.
OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can...
Moderate (Unreviewed). CVE-2024-57252 was published on Jan 17, 2025.
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated...
Moderate (Unreviewed). CVE-2025-0584 was published on Jan 20, 2025.
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate. CVE-2024-47167 was published for gradio (pip) on Oct 10, 2024.
Apache StreamPipes has possibility of SSRF in pipeline element installation process
Moderate. CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) on Jul 17, 2024.
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate. CVE-2025-23221 was published for @fedify/fedify (npm) on Jan 21, 2025.
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery...
Moderate (Unreviewed). CVE-2024-13360 was published on Jan 22, 2025.
A server side request forgery vulnerability was identified in Kibana where the /api/fleet...
Moderate (Unreviewed). CVE-2024-43710 was published on Jan 23, 2025.
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side...
Moderate (Unreviewed). CVE-2024-11913 was published on Jan 24, 2025.
A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the...
Moderate (Unreviewed). CVE-2024-5917 was published on Nov 14, 2024.
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server...
Moderate (Unreviewed). CVE-2025-24695 was published on Jan 24, 2025.
Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple...
Moderate (Unreviewed). CVE-2025-24703 was published on Jan 24, 2025.
Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side...
Moderate (Unreviewed). CVE-2025-24701 was published on Jan 24, 2025.
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side...
Moderate (Unreviewed). CVE-2024-10705 was published on Jan 26, 2025.
imgproxy is vulnerable to SSRF against 0.0.0.0
Moderate. CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) on Jan 27, 2025.