Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

167 advisories

Loading
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at ... Critical Unreviewed
CVE-2024-44721 was published Sep 9, 2024
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in... Critical Unreviewed
CVE-2024-38109 was published Aug 13, 2024
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7... Critical Unreviewed
CVE-2024-41570 was published Aug 12, 2024
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to... Critical Unreviewed
CVE-2024-40898 was published Jul 18, 2024
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via... Critical Unreviewed
CVE-2024-29319 was published Jul 5, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a... Critical Unreviewed
CVE-2024-6424 was published Jul 1, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex... Critical Unreviewed
CVE-2024-3149 was published Jun 6, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Critical Unreviewed
CVE-2024-36675 was published Jun 5, 2024
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in... Critical Unreviewed
CVE-2024-33857 was published May 7, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can... Critical Unreviewed
CVE-2023-46295 was published May 1, 2024
A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer... Critical Unreviewed
CVE-2024-2796 was published Apr 18, 2024
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and... Critical Unreviewed
CVE-2024-25294 was published Mar 20, 2024
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS... Critical Unreviewed
CVE-2024-27561 was published Mar 5, 2024
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6... Critical Unreviewed
CVE-2024-27565 was published Mar 5, 2024
Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly... Critical Unreviewed
CVE-2024-0759 was published Feb 27, 2024
The inclusion of the web scraper for AnythingLLM means that any user with the proper... Critical Unreviewed
CVE-2024-0455 was published Feb 26, 2024
Attacker, with permission to submit a link or submits a link via POST to be collected that is... Critical Unreviewed
CVE-2024-0440 was published Feb 26, 2024
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via... Critical Unreviewed
CVE-2024-23761 was published Feb 13, 2024
Unauthenticated LFI/SSRF in JCDashboards component for Joomla. Critical Unreviewed
CVE-2023-40630 was published Dec 14, 2023
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job... Critical Unreviewed
CVE-2023-48022 was published Nov 28, 2023
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this... Critical Unreviewed
CVE-2023-48023 was published Nov 28, 2023
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF... Critical Unreviewed
CVE-2023-5974 was published Nov 27, 2023
Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side... Critical Unreviewed
CVE-2023-43982 was published Nov 3, 2023
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2023-41449 was published Sep 28, 2023
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive... Critical Unreviewed
CVE-2023-42398 was published Sep 15, 2023
ProTip! Advisories are also available from the GraphQL API