GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,275
Composer 4,908
Erlang 39
GitHub Actions 38
Go 2,568
Maven 6,036
npm 4,240
NuGet 754
pip 4,004
Pub 12
RubyGems 953
Rust 1,042
Swift 45

Unreviewed advisories

All unreviewed 273,848

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

785 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed

CVE-2025-11361 was published Oct 18, 2025

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the... Moderate Unreviewed

CVE-2025-34282 was published Oct 17, 2025

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed

CVE-2025-11864 was published Oct 16, 2025

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Moderate Unreviewed

CVE-2025-10056 was published Oct 15, 2025

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). Moderate Unreviewed

CVE-2025-60540 was published Oct 14, 2025

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing... Moderate Unreviewed

CVE-2025-11674 was published Oct 13, 2025

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown... Moderate Unreviewed

CVE-2025-11648 was published Oct 13, 2025

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue... Moderate Unreviewed

CVE-2025-11636 was published Oct 12, 2025

The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed

CVE-2025-9975 was published Oct 11, 2025

A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of... Moderate Unreviewed

CVE-2025-11286 was published Oct 5, 2025

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to... Moderate Unreviewed

CVE-2025-10695 was published Oct 3, 2025

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4... Moderate Unreviewed

CVE-2025-55971 was published Oct 3, 2025

VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. Moderate Unreviewed

CVE-2025-57305 was published Oct 2, 2025

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to... Moderate Unreviewed

CVE-2025-10735 was published Oct 1, 2025

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component... Moderate Unreviewed

CVE-2025-56520 was published Sep 30, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Moderate Unreviewed

CVE-2025-34229 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Moderate Unreviewed

CVE-2025-34230 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Moderate Unreviewed

CVE-2025-34232 was published Sep 29, 2025

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function... Moderate Unreviewed

CVE-2025-11046 was published Sep 26, 2025

Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server... Moderate Unreviewed

CVE-2025-60181 was published Sep 26, 2025

Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side... Moderate Unreviewed

CVE-2025-60161 was published Sep 26, 2025

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions... Moderate Unreviewed

CVE-2025-10137 was published Sep 26, 2025

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On... Moderate Unreviewed

CVE-2025-42907 was published Sep 23, 2025

A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server... Moderate Unreviewed

CVE-2025-9960 was published Sep 22, 2025

Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request... Moderate Unreviewed

CVE-2025-58962 was published Sep 22, 2025

Previous1…32 Next

Previous 1 2 3 4 5 … 31 32 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

785 advisories