Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,616 advisories

Loading
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the... Moderate Unreviewed
CVE-2025-34282 was published Oct 17, 2025
A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5... Critical Unreviewed
CVE-2025-60279 was published Oct 17, 2025
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low
CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025
im-soohyun
Credited to im-soohyun
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed
CVE-2025-11864 was published Oct 16, 2025
Angular SSR has a Server-Side Request Forgery (SSRF) flaw High
CVE-2025-62427 was published for @angular/ssr (npm) Oct 16, 2025
meDavidNS securityMB
jkrems alan-agius4 josephperrott
Credited to meDavidNS, securityMB, jkrems, alan-agius4, and josephperrott
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed
CVE-2025-10056 was published Oct 15, 2025
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). Moderate Unreviewed
CVE-2025-60540 was published Oct 14, 2025
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing... Moderate Unreviewed
CVE-2025-11674 was published Oct 13, 2025
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown... Moderate Unreviewed
CVE-2025-11648 was published Oct 13, 2025
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue... Moderate Unreviewed
CVE-2025-11636 was published Oct 12, 2025
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery ... Low Unreviewed
CVE-2025-31993 was published Oct 12, 2025
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed
CVE-2025-9975 was published Oct 11, 2025
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x... High Unreviewed
CVE-2025-9868 was published Oct 8, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh d3do-23
lonelyuan huachenheli DarkLight1337 russellb sidhpurwala-huzaifa
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities High
CVE-2025-61784 was published for llamafactory (pip) Oct 7, 2025
d3do-23 kexinoh
lonelyuan
Credited to d3do-23, kexinoh, and lonelyuan
A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of... Moderate Unreviewed
CVE-2025-11286 was published Oct 5, 2025
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to... Moderate Unreviewed
CVE-2025-10695 was published Oct 3, 2025
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4... Moderate Unreviewed
CVE-2025-55971 was published Oct 3, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. Moderate Unreviewed
CVE-2025-57305 was published Oct 2, 2025
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability High
CVE-2025-61735 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform... High Unreviewed
CVE-2025-20371 was published Oct 1, 2025
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-10735 was published Oct 1, 2025
Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component... Moderate Unreviewed
CVE-2025-56520 was published Sep 30, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... High Unreviewed
CVE-2025-34225 was published Sep 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database