GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
118 advisories
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
Low
CVE-2026-4874
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 26, 2026
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Critical
CVE-2026-25534
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Mar 16, 2026
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-15104
was published
for
nu.validator:validator
(Maven)
Jan 16, 2026
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High
CVE-2025-61916
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Jan 5, 2026
PowSyBl Core XML Reader allows XXE and SSRF
Low
CVE-2025-47293
was published
for
com.powsybl:powsybl-commons
(Maven)
Jun 19, 2025
GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx
High
GHSA-68cf-j696-wvv9
was published
for
org.geoserver:gs-wfs
(Maven)
Jun 10, 2025
GeoNetwork affected by XML External Entity (XXE) processing vulnerability in WFS indexing REST API endpoint
High
GHSA-2p76-gc46-5fvc
was published
for
org.geonetwork-opensource:gn-web-app
(Maven)
Jun 10, 2025
[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
High
CVE-2025-30220
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
Coverage REST API Server Side Request Forgery
Moderate
CVE-2024-40625
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical
CVE-2024-34711
was published
for
org.geoserver.main:gs-main
(Maven)
Jun 10, 2025
GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost
High
CVE-2024-29198
was published
for
org.geoserver.web:gs-app
(Maven)
Jun 10, 2025
ProTip!
Advisories are also available from the
GraphQL API