Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,035
Erlang
29
GitHub Actions
18
Go
1,844
Maven
5,000+
npm
3,580
NuGet
634
pip
3,164
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,059 advisories

Loading
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2022-1751 was published Aug 17, 2024
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC... Moderate Unreviewed
CVE-2024-22219 was published Aug 15, 2024
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This... Moderate Unreviewed
CVE-2024-7740 was published Aug 13, 2024
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical.... Moderate Unreviewed
CVE-2024-7742 was published Aug 13, 2024
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected... Moderate Unreviewed
CVE-2024-7743 was published Aug 13, 2024
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in... Critical Unreviewed
CVE-2024-38109 was published Aug 13, 2024
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints... Moderate Unreviewed
CVE-2024-41737 was published Aug 13, 2024
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7... Critical Unreviewed
CVE-2024-41570 was published Aug 12, 2024
Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in... High Unreviewed
CVE-2024-6522 was published Aug 7, 2024
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft... High Unreviewed
CVE-2024-38206 was published Aug 7, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
Nuxt Icon affected by a Server-Side Request Forgery (SSRF) High
CVE-2024-42352 was published for @nuxt/icon (npm) Aug 5, 2024
OhB00 antfu
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB... Unknown Unreviewed
CVE-2024-36448 was published Aug 5, 2024
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows... Moderate Unreviewed
CVE-2024-38791 was published Aug 1, 2024
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in... Moderate Unreviewed
CVE-2024-2090 was published Aug 1, 2024
A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2024-7330 was published Aug 1, 2024
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to... High Unreviewed
CVE-2024-41305 was published Jul 30, 2024
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web... Moderate Unreviewed
CVE-2024-6922 was published Jul 26, 2024
ProTip! Advisories are also available from the GraphQL API