GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,156 advisories
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an...
Critical | Unreviewed | CVE-2026-35431 was published Apr 24, 2026

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to...
High | Unreviewed | CVE-2026-26150 was published Apr 24, 2026

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized...
Critical | Unreviewed | CVE-2026-32210 was published Apr 24, 2026

Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)
Low | CVE-2026-41321 was published for @astrojs/cloudflare (npm) Apr 23, 2026

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability...
Moderate | Unreviewed | CVE-2026-41461 was published Apr 23, 2026

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL...
Moderate | Unreviewed | CVE-2026-41455 was published Apr 23, 2026

RAGAS has SSRF via Multi-Modal Faithfulness Collections Module
Low | CVE-2026-6587 was published for ragas (pip) Apr 20, 2026

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Moderate | GHSA-xjvc-pw2r-6878 was published for flarum/core (Composer) Apr 22, 2026

monetr: Server-side request forgery in Lunch Flow link creation and refresh
High | CVE-2026-41644 was published for github.com/monetr/monetr (Go) Apr 22, 2026

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2...
High | Unreviewed | CVE-2026-35548 was published Apr 22, 2026

Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader
High | GHSA-89v5-38xr-9m4j was published for postiz (npm) Mar 27, 2026

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server...
High | Unreviewed | CVE-2026-5921 was published Apr 22, 2026

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component...
Moderate | Unreviewed | CVE-2026-6744 was published Apr 21, 2026

Glances has SSRF in IP Plugin via public_api leading to credential leakage
High | CVE-2026-35587 was published for glances (pip) Apr 21, 2026

LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
High | CVE-2026-33626 was published for lmdeploy (pip) Apr 21, 2026

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Moderate | CVE-2026-41302 was published for openclaw (npm) Apr 2, 2026

OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
Moderate | CVE-2026-41297 was published for openclaw (npm) Apr 7, 2026

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy...
High | Unreviewed | CVE-2026-34428 was published Apr 20, 2026

A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown...
Moderate | Unreviewed | CVE-2026-6649 was published Apr 20, 2026

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this...
Moderate | Unreviewed | CVE-2026-6625 was published Apr 20, 2026

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function...
Moderate | Unreviewed | CVE-2026-6618 was published Apr 20, 2026

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the...
Moderate | Unreviewed | CVE-2026-6617 was published Apr 20, 2026

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This...
Moderate | Unreviewed | CVE-2026-6616 was published Apr 20, 2026

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects...
Moderate | Unreviewed | CVE-2026-6606 was published Apr 20, 2026

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is...
Moderate | Unreviewed | CVE-2026-6604 was published Apr 20, 2026

ProTip! Advisories are also available from the GraphQL API