Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
imgproxy is vulnerable to Server-Side Request Forgery Moderate
CVE-2023-30019 was published for github.com/imgproxy/imgproxy/v3 (Go) May 8, 2023
Access control issues in blackbox_exporter High
CVE-2023-26735 was published for github.com/prometheus/blackbox_exporter (Go) Apr 26, 2023
request-baskets vulnerable to Server-Side Request Forgery Moderate
CVE-2023-27163 was published for github.com/darklynx/request-baskets (Go) Mar 31, 2023
Paranoidhttp Server-Side Request Forgery vulnerability High
CVE-2023-24623 was published for github.com/hakobe/paranoidhttp (Go) Jan 30, 2023
KubeVela VelaUX APIserver has SSRF vulnerability Moderate
CVE-2022-39383 was published for github.com/oam-dev/kubevela (Go) Nov 18, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Server-Side Request Forgery in gogs webhook High
CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022
am0o0
Smokescreen SSRF via deny list bypass (square brackets) Moderate
CVE-2022-29188 was published for github.com/stripe/smokescreen (Go) May 24, 2022
Haxatron
Server-Side Request Forgery in charm Critical
CVE-2022-29180 was published for github.com/charmbracelet/charm (Go) May 24, 2022
Gophish vulnerable to Server-Side Request Forgery Moderate
CVE-2020-24710 was published for github.com/gophish/gophish (Go) May 24, 2022
Gogs and Gitea SSRF Vulnerability High
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High
CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Server Side Request Forgery in Grafana Moderate
CVE-2020-13379 was published for github.com/grafana/grafana (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API