Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
GeoNode vulnerable to SSRF Bypass to return internal host data High
CVE-2023-42439 was published for GeoNode (pip) Sep 20, 2023
ImThatT
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks High
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
tdunlap607
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
LiteLLM Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-6587 was published for litellm (pip) Sep 13, 2024
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024
Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF) High
CVE-2024-42352 was published for @nuxt/icon (npm) Aug 5, 2024
OhB00 antfu
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Server-Side Request Forgery in gradio High
CVE-2024-4325 was published for gradio (pip) Jun 6, 2024
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
Paranoidhttp Server-Side Request Forgery vulnerability High
CVE-2023-24623 was published for github.com/hakobe/paranoidhttp (Go) Jan 30, 2023
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-4642 was published for wandb (pip) May 16, 2024 withdrawn
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Codiad SSRF Vulnerability High
CVE-2020-14044 was published for codiad/codiad (Composer) May 24, 2022
phpBB Server-Side Request Forgery (SSRF) High
CVE-2017-1000419 was published for phpbb/phpbb (Composer) May 14, 2022
phpMyAdmin SSRF in replication High
CVE-2017-1000017 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle vulnerable to Server Side Request Forgery High
CVE-2023-35133 was published for moodle/moodle (Composer) Jun 22, 2023
gradio Server-Side Request Forgery vulnerability High
CVE-2024-2206 was published for gradio (pip) Mar 27, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns) High
CVE-2024-29190 was published for mobsfscan (pip) Mar 22, 2024
bulutenes aydinnyunus
ProTip! Advisories are also available from the GraphQL API