GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,258
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,533 advisories
Filter by severity
Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write
High
GHSA-qrwj-vh9x-gw5v
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile
Moderate
CVE-2026-54637
was published
for
d7y.io/dragonfly/v2
(Go)
Jul 6, 2026
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
High
CVE-2026-55787
was published
for
flyto-core
(pip)
Jul 6, 2026
Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access
High
CVE-2026-4789
was published
for
github.com/kyverno/kyverno
(Go)
Apr 14, 2026
A flaw has been found in AIAnytime Awesome-MCP-Server up to...
Low
Unreviewed
CVE-2026-14748
was published
Jul 5, 2026
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL,...
Critical
Unreviewed
CVE-2021-42637
was published
Feb 9, 2022
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and...
High
Unreviewed
CVE-2020-22983
was published
May 14, 2022
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability...
Moderate
Unreviewed
CVE-2021-37223
was published
May 24, 2022
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of...
Critical
Unreviewed
CVE-2017-17674
was published
May 24, 2022
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019...
Moderate
Unreviewed
CVE-2020-24815
was published
May 24, 2022
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely...
Critical
Unreviewed
CVE-2020-25466
was published
May 24, 2022
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
High
Unreviewed
CVE-2026-57993
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
Moderate
Unreviewed
CVE-2026-57987
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized...
Moderate
Unreviewed
CVE-2026-58278
was published
Jul 3, 2026
The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in...
Moderate
Unreviewed
CVE-2026-11397
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an...
Critical
Unreviewed
CVE-2026-57100
was published
Jul 3, 2026
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate...
Critical
Unreviewed
CVE-2026-45499
was published
Jul 3, 2026
LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows...
High
Unreviewed
CVE-2026-59095
was published
Jul 2, 2026
AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows...
Moderate
Unreviewed
CVE-2026-59101
was published
Jul 2, 2026
Spatie Laravel Media Library contains a server-side request forgery vulnerability
Moderate
CVE-2026-48555
was published
for
spatie/laravel-medialibrary
(Composer)
May 29, 2026
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
High
CVE-2025-68616
was published
for
weasyprint
(pip)
Jan 20, 2026
Mautic Focus component Vulnerable to SSRF
Moderate
CVE-2026-9557
was published
for
mautic/core
(Composer)
Jul 2, 2026
@asymmetric-effort/specifyjs: No redirect target validation in secureFetch
Moderate
GHSA-j5qp-p44g-2m49
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
@asymmetric-effort/specifyjs: `data:` URI allowed without size restriction
Moderate
GHSA-2944-57xv-2682
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
@asymmetric-effort/specifyjs: Localhost bypass incomplete (IPv6, 0.0.0.0, 127.x range)
Moderate
GHSA-xw57-23p8-9wc5
was published
for
@asymmetric-effort/specifyjs
(npm)
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API