GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
118 advisories
Server-Side Request Forgery (SSRF) in activitypub_federation
Moderate
CVE-2025-25194
was published
for
activitypub_federation
(Rust)
Feb 10, 2025
imgproxy is vulnerable to SSRF against 0.0.0.0
Moderate
CVE-2025-24354
was published
for
github.com/imgproxy/imgproxy
(Go)
Jan 27, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
CVE-2024-47167
was published
for
gradio
(pip)
Oct 10, 2024
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation
Moderate
CVE-2024-52602
was published
for
github.com/t2bot/matrix-media-repo
(Go)
Jan 16, 2025
Server-Side Forgery Request can be activated unmarshalling with XStream
Moderate
CVE-2020-26258
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
safeurl-python contains Server-Side Request Forgery
Moderate
CVE-2023-24622
was published
for
safeurl-python
(pip)
Jan 27, 2023
Server-Side Request Forgery in mindsdb
Moderate
CVE-2023-49795
was published
for
mindsdb
(pip)
Dec 12, 2023
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Moderate
CVE-2023-47116
was published
for
label-studio
(pip)
Jan 31, 2024
Server Side Request Forgery (SSRF) attack in Fedify
Moderate
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate
GHSA-vx3h-qwqw-r2wq
was published
for
inventree
(pip)
Oct 2, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
CVE-2024-47066
was published
for
@lobehub/chat
(npm)
Sep 23, 2024
SSRF vulnerability in jupyter-server-proxy
Moderate
CVE-2022-21697
was published
for
jupyter-server-proxy
(pip)
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API