Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

797 advisories

Loading
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization... Moderate Unreviewed
CVE-2025-60319 was published Oct 30, 2025
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri... Moderate Unreviewed
CVE-2025-60898 was published Oct 29, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed
CVE-2025-36085 was published Oct 28, 2025
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed
CVE-2025-62988 was published Oct 27, 2025
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12136 was published Oct 24, 2025
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator... Moderate Unreviewed
CVE-2025-11128 was published Oct 23, 2025
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed
CVE-2025-10705 was published Oct 23, 2025
Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed
CVE-2025-49917 was published Oct 22, 2025
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed
CVE-2025-49374 was published Oct 22, 2025
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat... Moderate Unreviewed
CVE-2025-62763 was published Oct 21, 2025
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed
CVE-2025-11536 was published Oct 21, 2025
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed
CVE-2025-11361 was published Oct 18, 2025
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the... Moderate Unreviewed
CVE-2025-34282 was published Oct 17, 2025
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed
CVE-2025-11864 was published Oct 16, 2025
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed
CVE-2025-10056 was published Oct 15, 2025
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). Moderate Unreviewed
CVE-2025-60540 was published Oct 14, 2025
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing... Moderate Unreviewed
CVE-2025-11674 was published Oct 13, 2025
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown... Moderate Unreviewed
CVE-2025-11648 was published Oct 13, 2025
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue... Moderate Unreviewed
CVE-2025-11636 was published Oct 12, 2025
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9975 was published Oct 11, 2025
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of... Moderate Unreviewed
CVE-2025-11286 was published Oct 5, 2025
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to... Moderate Unreviewed
CVE-2025-10695 was published Oct 3, 2025
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4... Moderate Unreviewed
CVE-2025-55971 was published Oct 3, 2025
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. Moderate Unreviewed
CVE-2025-57305 was published Oct 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database