GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
SSRF in Sydent due to missing validation of hostnames
Moderate
CVE-2021-29431
was published
for
matrix-sydent
(pip)
Apr 19, 2021
Server-Side Request Forgery in Plone
Moderate
CVE-2021-33510
was published
for
Plone
(pip)
Jun 15, 2021
SSRF vulnerability in jupyter-server-proxy
Moderate
CVE-2022-21697
was published
for
jupyter-server-proxy
(pip)
Jan 27, 2022
Server-Side Request Forgery in calibreweb
Moderate
CVE-2022-0339
was published
for
calibreweb
(pip)
Feb 1, 2022
OpenStack Glance Server-Side Request Forgery (SSRF)
Moderate
CVE-2017-7200
was published
for
glance
(pip)
May 17, 2022
safeurl-python contains Server-Side Request Forgery
Moderate
CVE-2023-24622
was published
for
safeurl-python
(pip)
Jan 27, 2023
Withdrawn: safeurl-python contains Server-Side Request Forgery
Moderate
GHSA-rw83-v3pw-m362
was published
for
safeurl-python
(pip)
Jan 30, 2023
•
withdrawn
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Apache Superset Server-Side Request Forgery vulnerability
Moderate
CVE-2023-25504
was published
for
apache-superset
(pip)
Jul 6, 2023
Apache Superset Server Side Request Forgery vulnerability
Moderate
CVE-2023-36388
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
Server-Side Request Forgery in mindsdb
Moderate
CVE-2023-49795
was published
for
mindsdb
(pip)
Dec 12, 2023
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Moderate
CVE-2023-47116
was published
for
label-studio
(pip)
Jan 31, 2024
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Moderate
CVE-2024-31215
was published
for
mobsf
(pip)
Apr 4, 2024
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
Moderate
CVE-2024-3095
was published
for
langchain-community
(pip)
Jun 6, 2024
Potential access to sensitive URLs via CKAN extensions (SSRF)
Moderate
CVE-2024-43371
was published
for
ckan
(pip)
Aug 21, 2024
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate
GHSA-vx3h-qwqw-r2wq
was published
for
inventree
(pip)
Oct 2, 2024
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
CVE-2024-47167
was published
for
gradio
(pip)
Oct 10, 2024
gradio Server Side Request Forgery vulnerability
Moderate
CVE-2024-48052
was published
for
gradio
(pip)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API