Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,883
Maven
5,000+
npm
4,522
NuGet
785
pip
4,262
Pub
12
RubyGems
975
Rust
1,105
Swift
49
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,353 advisories

Loading
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that... Moderate Unreviewed
CVE-2020-36944 was published Jan 28, 2026
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery... High Unreviewed
CVE-2025-14610 was published Jan 28, 2026
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2026-0746 was published Jan 27, 2026
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality,... Moderate Unreviewed
CVE-2025-9522 was published Jan 26, 2026
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2026-0807 was published Jan 24, 2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows... Moderate Unreviewed
CVE-2026-24548 was published Jan 23, 2026
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting... Moderate Unreviewed
CVE-2026-24360 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side... Moderate Unreviewed
CVE-2026-24381 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server... Critical Unreviewed
CVE-2026-22482 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical... Moderate Unreviewed
CVE-2026-22358 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks... High Unreviewed
CVE-2025-68030 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows... Moderate Unreviewed
CVE-2025-67961 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services... Critical Unreviewed
CVE-2025-62741 was published Jan 22, 2026
Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer... Critical Unreviewed
CVE-2025-64252 was published Jan 22, 2026
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in... High Unreviewed
CVE-2025-56589 was published Jan 22, 2026
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the... Moderate Unreviewed
CVE-2026-1062 was published Jan 17, 2026
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2026-0682 was published Jan 17, 2026
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch`... High Unreviewed
CVE-2026-0613 was published Jan 16, 2026
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request... Moderate Unreviewed
CVE-2025-14793 was published Jan 16, 2026
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to... Moderate Unreviewed
CVE-2026-23768 was published Jan 16, 2026
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0... Moderate Unreviewed
CVE-2026-0600 was published Jan 15, 2026
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918... High Unreviewed
CVE-2026-0532 was published Jan 14, 2026
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2025-14613 was published Jan 14, 2026
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker... Moderate Unreviewed
CVE-2026-20958 was published Jan 13, 2026
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet... Low Unreviewed
CVE-2025-67685 was published Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database