GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,467
Composer 4,952
Erlang 39
GitHub Actions 38
Go 2,612
Maven 6,092
npm 4,252
NuGet 760
pip 4,027
Pub 12
RubyGems 953
Rust 1,049
Swift 45

Unreviewed advisories

All unreviewed 275,367

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,634 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri... Moderate Unreviewed

CVE-2025-60898 was published Oct 29, 2025

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate

CVE-2025-12058 was published for keras (pip) Oct 29, 2025

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High

CVE-2025-59837 was published for astro (npm) Oct 28, 2025

Credited to everping and GeneralZero

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed

CVE-2025-36085 was published Oct 28, 2025

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side... High Unreviewed

CVE-2025-10145 was published Oct 28, 2025

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed

CVE-2025-62988 was published Oct 27, 2025

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed

CVE-2025-10861 was published Oct 24, 2025

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-12136 was published Oct 24, 2025

Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to... Critical Unreviewed

CVE-2025-59503 was published Oct 24, 2025

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator... Moderate Unreviewed

CVE-2025-11128 was published Oct 23, 2025

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed

CVE-2025-10705 was published Oct 23, 2025

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed

CVE-2025-49374 was published Oct 22, 2025

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed

CVE-2025-49917 was published Oct 22, 2025

Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat... Moderate Unreviewed

CVE-2025-62763 was published Oct 21, 2025

Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low

GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025

Credited to larskemper

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed

CVE-2025-11536 was published Oct 21, 2025

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed

CVE-2025-11361 was published Oct 18, 2025

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the... Moderate Unreviewed

CVE-2025-34282 was published Oct 17, 2025

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5... Critical Unreviewed

CVE-2025-60279 was published Oct 17, 2025

Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low

CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025

Credited to im-soohyun

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed

CVE-2025-11864 was published Oct 16, 2025

Angular SSR has a Server-Side Request Forgery (SSRF) flaw High

CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025

Credited to meDavidNS, securityMB, jkrems, alan-agius4, and josephperrott

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed

CVE-2025-10056 was published Oct 15, 2025

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). Moderate Unreviewed

CVE-2025-60540 was published Oct 14, 2025

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing... Moderate Unreviewed

CVE-2025-11674 was published Oct 13, 2025

Previous1…66 Next

Previous 1 2 3 4 5 … 65 66 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,634 advisories