GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,258
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,533 advisories
Filter by severity
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
High
CVE-2026-54353
was published
for
@budibase/backend-core
(npm)
Jun 22, 2026
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
High
CVE-2026-48153
was published
for
@budibase/server
(npm)
Jun 22, 2026
Gogs has SSRF in webhook deliveries
Moderate
CVE-2026-47267
was published
for
gogs.io/gogs
(Go)
Jun 22, 2026
Paymenter has Blind Unauthenticated SSRF on the Paypal gateway module
Moderate
CVE-2026-44583
was published
for
paymenter/paymenter
(Composer)
Jun 22, 2026
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
Moderate
CVE-2026-44202
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 22, 2026
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in...
Moderate
Unreviewed
CVE-2026-7253
was published
Jun 22, 2026
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF)...
High
Unreviewed
CVE-2026-9006
was published
Jun 22, 2026
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
High
CVE-2026-21887
was published
for
pycti
(pip)
Jun 22, 2026
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the...
Low
Unreviewed
CVE-2026-12813
was published
Jun 22, 2026
A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is...
Low
Unreviewed
CVE-2026-12798
was published
Jun 21, 2026
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this...
Low
Unreviewed
CVE-2026-12774
was published
Jun 21, 2026
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live...
Moderate
Unreviewed
CVE-2026-56342
was published
Jun 20, 2026
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL...
Moderate
Unreviewed
CVE-2026-56227
was published
Jun 20, 2026
SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch
Moderate
GHSA-h5rg-8p7f-47g2
was published
for
surrealdb
(Rust)
Jun 19, 2026
Lokka: Azure Resource Manager URL path validation issue
High
GHSA-g2gw-q38m-vjfc
was published
for
@merill/lokka
(npm)
Jun 19, 2026
Zeep: Server-Side Request Forgery (SSRF)
Moderate
GHSA-4cc2-g9w2-fhf6
was published
for
zeep
(pip)
Jun 19, 2026
SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`
High
GHSA-mrvx-jmjw-vggc
was published
for
mcp-searxng
(npm)
Jun 19, 2026
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request...
Moderate
Unreviewed
CVE-2026-12726
was published
Jun 19, 2026
Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms
Moderate
CVE-2026-55187
was published
for
github.com/axllent/mailpit
(Go)
Jun 19, 2026
Hugo: security.http.urls deny rules bypassed by alternate IPv4 encodings (SSRF)
High
GHSA-r46f-3rpw-hxrv
was published
for
github.com/gohugoio/hugo
(Go)
Jun 19, 2026
NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)
Moderate
CVE-2026-55414
was published
for
nl.nl-portal:form
(Maven)
Jun 19, 2026
canto-saas-api: Authenticated API requests can be redirected via unencoded path variables
Moderate
CVE-2026-55374
was published
for
jleehr/canto-saas-api
(Composer)
Jun 19, 2026
The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Moderate
Unreviewed
CVE-2026-4328
was published
Jun 19, 2026
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation...
Moderate
Unreviewed
CVE-2026-11989
was published
Jun 19, 2026
Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
Moderate
CVE-2026-55591
was published
for
signalk-server
(npm)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API