GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,821 advisories
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
High
GHSA-x22m-j5qq-j49m was published for openclaw (npm) on Feb 18, 2026
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function...
Moderate
Unreviewed
CVE-2026-2654 was published on Feb 18, 2026
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side...
Moderate
Unreviewed
CVE-2026-1857 was published on Feb 18, 2026
Libredesk has a SSRF Vulnerability in Webhooks
Moderate
CVE-2026-26957 was published for github.com/abhinavxd/libredesk (Go) on Feb 18, 2026
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Moderate
GHSA-pg2v-8xwh-qhcc was published for openclaw (npm) on Feb 18, 2026
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single...
High
Unreviewed
CVE-2026-22048 was published on Feb 18, 2026
OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
High
CVE-2026-26324 was published for openclaw (npm) on Feb 17, 2026
OpenClaw Gateway tool allowed unrestricted gatewayUrl override
High
CVE-2026-26322 was published for openclaw (npm) on Feb 17, 2026
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may...
Moderate
Unreviewed
CVE-2025-36243 was published on Feb 17, 2026
OpenClaw affected by SSRF via attachment/media URL hydration
Moderate
GHSA-wfp2-v9c7-fh79 was published for openclaw (npm) on Feb 17, 2026
Indico has Server-Side Request Forgery (SSRF) in multiple places
Moderate
CVE-2026-25738 was published for indico (pip) on Feb 17, 2026
OpenClaw affected by SSRF in Image Tool Remote Fetch
High
GHSA-56f2-hvwg-5743 was published for openclaw (npm) on Feb 17, 2026
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown...
Moderate
Unreviewed
CVE-2026-2556 was published on Feb 16, 2026
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the...
Moderate
Unreviewed
CVE-2026-2558 was published on Feb 16, 2026
MindsDB affected by a SSRF vulnerability
Low
CVE-2026-2531 was published for MindsDB (pip) on Feb 16, 2026
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some...
Moderate
Unreviewed
CVE-2026-2532 was published on Feb 16, 2026
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-1249 was published on Feb 14, 2026
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
High
Unreviewed
CVE-2026-0745 was published on Feb 14, 2026
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-1356 was published on Feb 12, 2026
@langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation
Moderate
CVE-2026-26019 was published for @langchain/community (npm) on Feb 11, 2026
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Low
CVE-2026-26013 was published for langchain-core (pip) on Feb 11, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7...
Moderate
Unreviewed
CVE-2025-12575 was published on Feb 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18...
Moderate
Unreviewed
CVE-2025-12073 was published on Feb 11, 2026
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its...
Moderate
Unreviewed
CVE-2026-25870 was published on Feb 11, 2026
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to...
Moderate
Unreviewed
CVE-2026-21512 was published on Feb 10, 2026