Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,987 advisories

Loading
@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch Low
CVE-2026-32236 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle Moderate
CVE-2026-32111 was published for ha-mcp (pip) Mar 12, 2026
yotampe-pluto Credited to yotampe-pluto and julienld julienld julienld
SiYuan has a Full-Read SSRF via /api/network/forwardProxy High
CVE-2026-32110 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 12, 2026
ritikchaddha Credited to ritikchaddha and neo-ai-engineer neo-ai-engineer neo-ai-engineer
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function... Moderate Unreviewed
CVE-2026-3958 was published Mar 12, 2026
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this... Moderate Unreviewed
CVE-2026-3966 was published Mar 12, 2026
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected... Moderate Unreviewed
CVE-2026-3961 was published Mar 12, 2026
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed... High Unreviewed
CVE-2025-70027 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... Moderate Unreviewed
CVE-2026-21293 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and... Moderate Unreviewed
CVE-2026-21294 was published Mar 11, 2026
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval Moderate
CVE-2026-31959 was published for github.com/anchore/quill (Go) Mar 11, 2026
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access High
CVE-2026-31829 was published for flowise (npm) Mar 11, 2026
nlgbao1340 Credited to nlgbao1340
pdfmake is vulnerable to server-side request forgery (SSRF) High
CVE-2026-26801 was published for pdfmake (npm) Mar 10, 2026
mariopepe Credited to mariopepe
MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers High
CVE-2026-27826 was published for mcp-atlassian (pip) Mar 10, 2026
yotampe-pluto Credited to yotampe-pluto and gil-maman-p gil-maman-p gil-maman-p
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network High
CVE-2026-26118 was published for @azure/mcp (npm) Mar 10, 2026
alzimmermsft Credited to alzimmermsft and vcolin7 vcolin7 vcolin7
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to... High Unreviewed
CVE-2026-26121 was published Mar 10, 2026
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which... Moderate Unreviewed
CVE-2026-24316 was published Mar 10, 2026
vLLM has SSRF Protection Bypass Moderate
CVE-2026-25960 was published for vllm (pip) Mar 9, 2026
RacerZ-fighting Credited to RacerZ-fighting, russellb, DarkLight1337, and Isotr0py russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta... Critical Unreviewed
CVE-2025-70042 was published Mar 9, 2026
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker... High Unreviewed
CVE-2026-3588 was published Mar 9, 2026
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function... Moderate Unreviewed
CVE-2026-3788 was published Mar 9, 2026
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the... Moderate Unreviewed
CVE-2026-3789 was published Mar 9, 2026
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the... Moderate Unreviewed
CVE-2026-3750 was published Mar 8, 2026
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of... Moderate Unreviewed
CVE-2026-3733 was published Mar 8, 2026
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function... Moderate Unreviewed
CVE-2026-3681 was published Mar 8, 2026
A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function... Moderate Unreviewed
CVE-2026-3683 was published Mar 8, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database