GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,112 advisories
Filter by severity
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows...
Moderate
Unreviewed
CVE-2024-51665
was published
Nov 4, 2024
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component ...
High
Unreviewed
CVE-2024-48360
was published
Oct 31, 2024
xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data...
Moderate
Unreviewed
CVE-2024-48346
was published
Oct 30, 2024
A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier...
Moderate
Unreviewed
CVE-2024-51242
was published
Oct 30, 2024
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows...
Moderate
Unreviewed
CVE-2024-48107
was published
Oct 28, 2024
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg...
High
Unreviewed
CVE-2024-48178
was published
Oct 28, 2024
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php...
Moderate
Unreviewed
CVE-2024-48234
was published
Oct 26, 2024
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool...
Moderate
Unreviewed
CVE-2024-48232
was published
Oct 25, 2024
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute...
Moderate
Unreviewed
CVE-2024-48450
was published
Oct 25, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9,...
High
Unreviewed
CVE-2024-45518
was published
Oct 22, 2024
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects...
Moderate
Unreviewed
CVE-2024-49312
was published
Oct 17, 2024
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery...
High
Unreviewed
CVE-2012-10018
was published
Oct 16, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be...
High
Unreviewed
CVE-2024-46468
was published
Oct 11, 2024
A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3...
Unknown
Unreviewed
CVE-2024-45317
was published
Oct 11, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
CVE-2024-47167
was published
for
gradio
(pip)
Oct 10, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17...
High
Unreviewed
CVE-2024-8977
was published
Oct 10, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-45119
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote...
High
Unreviewed
CVE-2024-47008
was published
Oct 8, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the...
Moderate
Unreviewed
CVE-2024-9410
was published
Oct 4, 2024
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate
GHSA-vx3h-qwqw-r2wq
was published
for
inventree
(pip)
Oct 2, 2024
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and...
Low
Unreviewed
CVE-2024-45843
was published
Sep 26, 2024
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via...
Critical
Unreviewed
CVE-2024-47222
was published
Sep 23, 2024
ProTip!
Advisories are also available from the
GraphQL API