GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,250
Composer 4,350
Erlang 31
GitHub Actions 22
Go 2,119
Maven 5,292
npm 3,778
NuGet 680
pip 3,459
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,818

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

523 advisories

Filter by severity

Sort by

Least recently updated

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server... Moderate Unreviewed

CVE-2024-12237 was published Jan 4, 2025

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected... Moderate Unreviewed

CVE-2024-13032 was published Dec 30, 2024

A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2... Moderate Unreviewed

CVE-2024-13029 was published Dec 30, 2024

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic.... Moderate Unreviewed

CVE-2024-12989 was published Dec 27, 2024

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an... Moderate Unreviewed

CVE-2024-51463 was published Dec 21, 2024

A server-side request forgery exists in Satellite. When a PUT HTTP request is made to ... Moderate Unreviewed

CVE-2024-12840 was published Dec 20, 2024

IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an... Moderate Unreviewed

CVE-2024-49336 was published Dec 19, 2024

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request... Moderate Unreviewed

CVE-2024-12121 was published Dec 19, 2024

Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate

CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024

Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster... Moderate Unreviewed

CVE-2024-53738 was published Nov 30, 2024

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. Moderate Unreviewed

CVE-2024-35451 was published Nov 29, 2024

OpenShift Console Server Side Request Forgery vulnerability Moderate

CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027.... Moderate Unreviewed

CVE-2024-11618 was published Nov 22, 2024

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary... Moderate Unreviewed

CVE-2024-10524 was published Nov 19, 2024

A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the... Moderate Unreviewed

CVE-2024-5917 was published Nov 14, 2024

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`),... Moderate Unreviewed

CVE-2024-11168 was published Nov 13, 2024

Server-Side Request Forgery (SSRF) vulnerability in I Thirteen Web Solution Responsive Filterable... Moderate Unreviewed

CVE-2024-51785 was published Nov 9, 2024

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed

CVE-2024-10814 was published Nov 9, 2024

Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. Moderate Unreviewed

CVE-2024-46947 was published Nov 8, 2024

gradio Server Side Request Forgery vulnerability Moderate

CVE-2024-48052 was published for gradio (pip) Nov 5, 2024

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows... Moderate Unreviewed

CVE-2024-51665 was published Nov 4, 2024

xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data... Moderate Unreviewed

CVE-2024-48346 was published Oct 30, 2024

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier... Moderate Unreviewed

CVE-2024-51242 was published Oct 30, 2024

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows... Moderate Unreviewed

CVE-2024-48107 was published Oct 28, 2024

An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php... Moderate Unreviewed

CVE-2024-48234 was published Oct 26, 2024

Previous 1 2 3 4 5 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

523 advisories