GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Potential access to sensitive URLs via CKAN extensions (SSRF) Moderate
CVE-2024-43371 was published for ckan (pip) Aug 21, 2024
ThrawnCA senzee1984
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever Moderate
CVE-2024-3095 was published for langchain-community (pip) Jun 6, 2024
eyurtsev
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check Moderate
CVE-2024-31215 was published for mobsf (pip) Apr 4, 2024
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections Moderate
CVE-2023-47116 was published for label-studio (pip) Jan 31, 2024
alex-elttam isacaya
Server-Side Request Forgery in mindsdb Moderate
CVE-2023-49795 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Apache Superset Server Side Request Forgery vulnerability Moderate
CVE-2023-36388 was published for apache-superset (pip) Sep 6, 2023
Apache Superset Server-Side Request Forgery vulnerability Moderate
CVE-2023-25504 was published for apache-superset (pip) Jul 6, 2023
Withdrawn: safeurl-python contains Server-Side Request Forgery Moderate
GHSA-rw83-v3pw-m362 was published for safeurl-python (pip) Jan 30, 2023 withdrawn
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module Moderate
CVE-2022-36551 was published for label-studio (pip) Oct 4, 2022
OpenStack Glance Server-Side Request Forgery (SSRF) Moderate
CVE-2017-7200 was published for glance (pip) May 17, 2022
Server-Side Request Forgery in calibreweb Moderate
CVE-2022-0339 was published for calibreweb (pip) Feb 1, 2022
RasmusWL
SSRF vulnerability in jupyter-server-proxy Moderate
CVE-2022-21697 was published for jupyter-server-proxy (pip) Jan 27, 2022
mr-r3bot
Server-Side Request Forgery in Plone Moderate
CVE-2021-33510 was published for Plone (pip) Jun 15, 2021
Server-side Request Forgery (SSRF) via img tags in reportlab Moderate
CVE-2020-28463 was published for reportlab (pip) Mar 29, 2021
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ