GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,459
Composer 4,164
Erlang 30
GitHub Actions 19
Go 1,973
Maven 5,149
npm 3,695
NuGet 654
pip 3,311
Pub 11
RubyGems 881
Rust 831
Swift 35

Unreviewed advisories

All unreviewed 232,379

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,109 advisories

Filter by severity

Sort by

Least recently updated

xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data... Moderate Unreviewed

CVE-2024-48346 was published Oct 30, 2024

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier... Moderate Unreviewed

CVE-2024-51242 was published Oct 30, 2024

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows... Moderate Unreviewed

CVE-2024-48107 was published Oct 28, 2024

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg... High Unreviewed

CVE-2024-48178 was published Oct 28, 2024

An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php... Moderate Unreviewed

CVE-2024-48234 was published Oct 26, 2024

An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool... Moderate Unreviewed

CVE-2024-48232 was published Oct 25, 2024

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute... Moderate Unreviewed

CVE-2024-48450 was published Oct 25, 2024

Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical

CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9,... High Unreviewed

CVE-2024-45518 was published Oct 22, 2024

Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects... Moderate Unreviewed

CVE-2024-49312 was published Oct 17, 2024

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery... High Unreviewed

CVE-2012-10018 was published Oct 16, 2024

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be... High Unreviewed

CVE-2024-46468 was published Oct 11, 2024

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3... Unknown Unreviewed

CVE-2024-45317 was published Oct 11, 2024

Gradio vulnerable to SSRF in the path parameter of /queue/join Moderate

CVE-2024-47167 was published for gradio (pip) Oct 10, 2024

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17... High Unreviewed

CVE-2024-8977 was published Oct 10, 2024

Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2024-45119 was published for magento/community-edition (Composer) Oct 10, 2024

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote... High Unreviewed

CVE-2024-47008 was published Oct 8, 2024

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate

CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file High

CVE-2024-45290 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the... Moderate Unreviewed

CVE-2024-9410 was published Oct 4, 2024

Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP Moderate

GHSA-vx3h-qwqw-r2wq was published for inventree (pip) Oct 2, 2024

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and... Low Unreviewed

CVE-2024-45843 was published Sep 26, 2024

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via... Critical Unreviewed

CVE-2024-47222 was published Sep 23, 2024

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Moderate

CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and... Moderate Unreviewed

CVE-2024-40441 was published Sep 23, 2024

Previous 1 2 3 4 5 … 44 45 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,109 advisories