GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
OpenShift Console Server Side Request Forgery vulnerability
Moderate
CVE-2024-6538
was published
for
github.com/openshift/console
(Go)
Nov 25, 2024
req may send an unintended request when a malformed URL is provided
Moderate
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
CVE-2024-29028
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
CVE-2024-29030
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
CVE-2024-21498
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
imgproxy is vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-30019
was published
for
github.com/imgproxy/imgproxy/v3
(Go)
May 8, 2023
request-baskets vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-27163
was published
for
github.com/darklynx/request-baskets
(Go)
Mar 31, 2023
KubeVela VelaUX APIserver has SSRF vulnerability
Moderate
CVE-2022-39383
was published
for
github.com/oam-dev/kubevela
(Go)
Nov 18, 2022
Smokescreen SSRF via deny list bypass (square brackets)
Moderate
CVE-2022-29188
was published
for
github.com/stripe/smokescreen
(Go)
May 24, 2022
Gophish vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-24710
was published
for
github.com/gophish/gophish
(Go)
May 24, 2022
Smokescreen SSRF via deny list bypass
Moderate
CVE-2022-24825
was published
for
github.com/stripe/smokescreen
(Go)
Apr 7, 2022
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
Server Side Request Forgery (SSRF) in Kubernetes
Moderate
CVE-2020-8555
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
Server Side Request Forgery in Grafana
Moderate
CVE-2020-13379
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API