GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,258
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,533 advisories
Filter by severity
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
High
GHSA-qrwj-vh9x-gw5v
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Moderate
CVE-2026-54637
was published
for
d7y.io/dragonfly/v2
(Go)
Jul 6, 2026
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
High
CVE-2026-55787
was published
for
flyto-core
(pip)
Jul 6, 2026
A flaw has been found in AIAnytime Awesome-MCP-Server up to...
Low
Unreviewed
CVE-2026-14748
was published
Jul 5, 2026
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
Moderate
Unreviewed
CVE-2026-58278
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
High
Unreviewed
CVE-2026-57993
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
Moderate
Unreviewed
CVE-2026-57987
was published
Jul 3, 2026
The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in...
Moderate
Unreviewed
CVE-2026-11397
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate...
Critical
Unreviewed
CVE-2026-45499
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an...
Critical
Unreviewed
CVE-2026-57100
was published
Jul 3, 2026
AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows...
Moderate
Unreviewed
CVE-2026-59101
was published
Jul 2, 2026
LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows...
High
Unreviewed
CVE-2026-59095
was published
Jul 2, 2026
Mautic Focus component Vulnerable to SSRF
Moderate
CVE-2026-9557
was published
for
mautic/core
(Composer)
Jul 2, 2026
@asymmetric-effort/specifyjs: No redirect target validation in secureFetch
Moderate
GHSA-j5qp-p44g-2m49
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
@asymmetric-effort/specifyjs: `data:` URI allowed without size restriction
Moderate
GHSA-2944-57xv-2682
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
@asymmetric-effort/specifyjs: Localhost bypass incomplete (IPv6, 0.0.0.0, 127.x range)
Moderate
GHSA-xw57-23p8-9wc5
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
@asymmetric-effort/specifyjs: URL parse failure silently allows request
High
CVE-2026-50288
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
OpenClaw's browser act interactions could bypass private-network navigation checks
Moderate
CVE-2026-53812
was published
for
openclaw
(npm)
Jul 2, 2026
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2026-55113
was published
Jul 2, 2026
A malicious actor with access to the network and low privileges could exploit a Server-Side...
Critical
Unreviewed
CVE-2026-55115
was published
Jul 2, 2026
A malicious actor with access to the network and low privileges could exploit a Server-Side...
High
Unreviewed
CVE-2026-54401
was published
Jul 2, 2026
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
Moderate
Unreviewed
CVE-2026-57681
was published
Jul 2, 2026
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
High
Unreviewed
CVE-2026-57348
was published
Jul 2, 2026
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve()...
Moderate
Unreviewed
CVE-2026-54430
was published
Jul 2, 2026
Apify Model Context Protocol (MCP) server: Actor MCP path authority injection leaks Apify token
High
CVE-2026-50143
was published
for
@apify/actors-mcp-server
(npm)
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API