GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery
Moderate: CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm), Dec 2, 2024

Server Side Request Forgery (SSRF) attack in Fedify
Moderate: CVE-2024-39687 was published for @fedify/fedify (npm), Jul 5, 2024

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate: CVE-2024-47066 was published for @lobehub/chat (npm), Sep 23, 2024

Directus vulnerable to SSRF Loopback IP filter bypass
Moderate: CVE-2024-46990 was published for @directus/api (npm), Sep 18, 2024

Directus Blind SSRF On File Import
Moderate: CVE-2024-39699 was published for @directus/api (npm), Jul 8, 2024

Spoofing attack in swagger-ui
Moderate: CVE-2018-25031 was published for swagger-ui (npm), Mar 12, 2022

RSSHub vulnerable to Server-Side Request Forgery
Moderate: CVE-2024-27927 was published for rsshub (npm), Mar 6, 2024

Server-Side Request Forgery in Request
Moderate: CVE-2023-28155 was published for @cypress/request (npm), Mar 16, 2023

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Moderate: CVE-2023-46729 was published for @sentry/nextjs (npm), Nov 9, 2023

Server side request forgery in SwaggerUI
Moderate: GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm), Dec 9, 2021

Directus vulnerable to Server-Side Request Forgery On File Import
Moderate: CVE-2023-26492 was published for directus (npm), Mar 3, 2023

Server-Side Request Forgery in @peertube/embed-api
Moderate: CVE-2022-0508 was published for @peertube/embed-api (npm), Feb 9, 2022

`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Moderate: CVE-2022-35949 was published for undici (npm), Aug 18, 2022

Server-Side Request Forgery in ssrf-agent
Moderate: CVE-2021-23718 was published for ssrf-agent (npm), Dec 2, 2021

Server-side request forgery in Ghost CMS
Moderate: CVE-2020-8134 was published for ghost (npm), May 6, 2021

Axios vulnerable to Server-Side Request Forgery
Moderate: CVE-2020-28168 was published for axios (npm), Jan 4, 2021

Server-Side Request Forgery in link-preview-js
Moderate: CVE-2022-25876 was published for link-preview-js (npm), Jul 2, 2022

Server-Side Request Forgery in Directus
Moderate: CVE-2022-23080 was published for directus (npm), Jun 23, 2022