GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,931
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,382
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
2,344 advisories
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
Moderate | CVE-2026-47390 was published for PraisonAI (pip) | May 29, 2026
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
Moderate | CVE-2026-47268 was published for github.com/nezhahq/nezha (Go) | May 29, 2026
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery...
Moderate | Unreviewed | CVE-2026-48555 was published | May 29, 2026
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
High | Unreviewed | CVE-2026-49372 was published | May 29, 2026
CC-Tweaked has an SSRF Protection Bypass with NAT64
High | CVE-2026-47695 was published for cc.tweaked:cc-tweaked-1.19.3-core (Maven) | May 29, 2026
Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
High | CVE-2026-47260 was published for phanan/koel (Composer) | May 29, 2026
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint...
High | Unreviewed | CVE-2026-10107 was published | May 29, 2026
A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the...
Moderate | Unreviewed | CVE-2026-10068 was published | May 29, 2026
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
High | CVE-2026-45741 was published for github.com/gotenberg/gotenberg/v8 (Go) | May 29, 2026
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
High | CVE-2026-44492 was published for axios (npm) | May 29, 2026
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this...
High | Unreviewed | CVE-2026-42965 was published | May 29, 2026
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with...
Moderate | Unreviewed | CVE-2026-10052 was published | May 29, 2026
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector...
Moderate | Unreviewed | CVE-2026-49093 was published | May 28, 2026
Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector...
High | Unreviewed | CVE-2026-42398 was published | May 28, 2026
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery...
Moderate | Unreviewed | CVE-2026-49129 was published | May 28, 2026
local-deep-research has an SSRF bypass in `safe_get`
Moderate | CVE-2026-46526 was published for local-deep-research (pip) | May 28, 2026
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
Moderate | CVE-2026-46380 was published for compliance-trestle (pip) | May 28, 2026
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the...
Moderate | Unreviewed | CVE-2026-9813 was published | May 28, 2026
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in...
Moderate | Unreviewed | CVE-2026-5737 was published | May 28, 2026
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
Moderate | Unreviewed | CVE-2026-48918 was published | May 27, 2026
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
Moderate | Unreviewed | CVE-2026-48916 was published | May 27, 2026
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server...
Critical | Unreviewed | CVE-2026-9312 was published | May 27, 2026
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server...
High | Unreviewed | CVE-2026-8606 was published | May 27, 2026
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers...
Critical | Unreviewed | CVE-2026-2264 was published | May 26, 2026
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to...
Moderate | Unreviewed | CVE-2025-14290 was published | May 26, 2026