Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,499 advisories

Loading
Coverage REST API Server Side Request Forgery Moderate
CVE-2024-40625 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
trganda jodygarnett
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost High
CVE-2024-29198 was published for org.geoserver.web:gs-app (Maven) Jun 10, 2025
thomsmith felixmaechtle
davidblasby nils-loose jodygarnett aaime
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an... Low Unreviewed
CVE-2025-42988 was published Jun 10, 2025
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows... Moderate Unreviewed
CVE-2025-30997 was published Jun 6, 2025
Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request... Moderate Unreviewed
CVE-2025-30976 was published Jun 6, 2025
Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side... Moderate Unreviewed
CVE-2025-29008 was published Jun 6, 2025
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber... Moderate Unreviewed
CVE-2025-48962 was published Jun 4, 2025
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This... Moderate Unreviewed
CVE-2025-5510 was published Jun 3, 2025
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to... Moderate Unreviewed
CVE-2024-7073 was published Jun 2, 2025
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed
CVE-2021-31531 was published May 24, 2022
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application... Moderate Unreviewed
CVE-2019-6516 was published May 24, 2022
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Critical Unreviewed
CVE-2019-3905 was published May 14, 2022
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail... Moderate Unreviewed
CVE-2020-15594 was published May 24, 2022
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to... Moderate Unreviewed
CVE-2019-6512 was published May 24, 2022
maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link... Moderate Unreviewed
CVE-2025-45475 was published May 27, 2025
A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects... Moderate Unreviewed
CVE-2025-5327 was published May 29, 2025
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed
CVE-2025-4967 was published May 29, 2025
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
khoiminhvo32 derrickmehaffy
maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. High Unreviewed
CVE-2025-45474 was published May 29, 2025
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function Moderate
CVE-2025-5276 was published for mcp-markdownify-server (npm) May 29, 2025
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking High
CVE-2025-48383 was published for django-select2 (pip) May 27, 2025
neartik ronanboiteau
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical.... Moderate Unreviewed
CVE-2025-5186 was published May 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database