Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,883
Maven
5,000+
npm
4,522
NuGet
785
pip
4,262
Pub
12
RubyGems
975
Rust
1,105
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,777 advisories

Loading
NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality Moderate
CVE-2026-24767 was published for nocodb (npm) Jan 28, 2026
kolega-ai-dev
Credited to kolega-ai-dev
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36944 was published Jan 28, 2026
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector High
CVE-2026-24779 was published for vllm (pip) Jan 28, 2026
leishilong leung-yao
Isotr0py russellb
Credited to leishilong, leung-yao, Isotr0py, and russellb
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF) Moderate
GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026
nnfrog
Credited to nnfrog
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery... High Unreviewed
CVE-2025-14610 was published Jan 28, 2026
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2026-0746 was published Jan 27, 2026
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall Critical
CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026
thevilledev
Credited to thevilledev
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName High
CVE-2026-24470 was published for github.com/zalando/skipper (Go) Jan 26, 2026
b0b0haha moyushui
j311yl0v3u
Credited to b0b0haha, moyushui, and j311yl0v3u
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,... Moderate Unreviewed
CVE-2025-9522 was published Jan 26, 2026
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2026-0807 was published Jan 24, 2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows... Moderate Unreviewed
CVE-2026-24548 was published Jan 23, 2026
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL Moderate
CVE-2026-24117 was published for github.com/sigstore/rekor (Go) Jan 22, 2026
1seal
Credited to 1seal
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2026-24360 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side... Moderate Unreviewed
CVE-2026-24381 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server... Critical Unreviewed
CVE-2026-22482 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical... Moderate Unreviewed
CVE-2026-22358 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks... High Unreviewed
CVE-2025-68030 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows... Moderate Unreviewed
CVE-2025-67961 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services... Critical Unreviewed
CVE-2025-62741 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer... Critical Unreviewed
CVE-2025-64252 was published Jan 22, 2026
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in... High Unreviewed
CVE-2025-56589 was published Jan 22, 2026
Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` Low
CVE-2026-24048 was published for @backstage/backend-defaults (npm) Jan 21, 2026
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API Moderate
CVE-2026-23845 was published for github.com/axllent/mailpit (Go) Jan 21, 2026
mdisec omarkurt
Credited to mdisec and omarkurt
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect High
CVE-2025-68616 was published for weasyprint (pip) Jan 20, 2026
g4nkd
Credited to g4nkd
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF) Moderate
CVE-2026-1180 was published for org.keycloak:keycloak-adapter-core (Maven) Jan 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database