Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted... Low Unreviewed
CVE-2024-26476 was published Feb 29, 2024
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath levpachmanov
dotboris iFreilicht
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2024-0628 was published Feb 7, 2024
Authenticated Blind SSRF in automad/automad Low
CVE-2023-7037 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability Low
CVE-2023-48711 was published for google-translate-api-browser (npm) Nov 27, 2023
PinkDraconian
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Low Unreviewed
CVE-2023-4624 was published Aug 30, 2023
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP... Low Unreviewed
CVE-2023-26442 was published Aug 2, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use... Low Unreviewed
CVE-2023-26438 was published Aug 2, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Low
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as... Low Unreviewed
CVE-2023-3121 was published Jun 6, 2023
The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high... Low Unreviewed
CVE-2022-2556 was published Aug 29, 2022
A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw... Low Unreviewed
CVE-2020-14328 was published May 24, 2022
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is... Low Unreviewed
CVE-2020-4787 was published May 24, 2022
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from... Low Unreviewed
CVE-2016-6001 was published May 17, 2022
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18... Low Unreviewed
CVE-2022-1722 was published May 17, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a... Low Unreviewed
CVE-2021-25939 was published Feb 10, 2022
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
ProTip! Advisories are also available from the GraphQL API