Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,642 advisories

Loading
Soft Serve is vulnerable to SSRF through its Webhooks Critical
CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer... High Unreviewed
CVE-2025-60541 was published Nov 6, 2025
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server... Moderate Unreviewed
CVE-2025-12560 was published Nov 6, 2025
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format High
CVE-2025-64430 was published for parse-server (npm) Nov 5, 2025
jacksonkasi1 mtrezza
Credited to jacksonkasi1 and mtrezza
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12388 was published Nov 5, 2025
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery... Moderate Unreviewed
CVE-2025-11917 was published Nov 5, 2025
Jellysweep uses uncontrolled data in image cache API endpoint High
CVE-2025-64178 was published for github.com/jon4hz/jellysweep (Go) Nov 4, 2025
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization... Moderate Unreviewed
CVE-2025-60319 was published Oct 30, 2025
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri... Moderate Unreviewed
CVE-2025-60898 was published Oct 29, 2025
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery Moderate
CVE-2025-12058 was published for keras (pip) Oct 29, 2025
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS High
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
everping GeneralZero
Credited to everping and GeneralZero
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF).... Moderate Unreviewed
CVE-2025-36085 was published Oct 28, 2025
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side... High Unreviewed
CVE-2025-10145 was published Oct 28, 2025
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates... Moderate Unreviewed
CVE-2025-62988 was published Oct 27, 2025
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce... High Unreviewed
CVE-2025-10861 was published Oct 24, 2025
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12136 was published Oct 24, 2025
Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to... Critical Unreviewed
CVE-2025-59503 was published Oct 24, 2025
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator... Moderate Unreviewed
CVE-2025-11128 was published Oct 23, 2025
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed
CVE-2025-10705 was published Oct 23, 2025
Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers... Moderate Unreviewed
CVE-2025-49917 was published Oct 22, 2025
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows... Moderate Unreviewed
CVE-2025-49374 was published Oct 22, 2025
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat... Moderate Unreviewed
CVE-2025-62763 was published Oct 21, 2025
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed
CVE-2025-11536 was published Oct 21, 2025
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for... Moderate Unreviewed
CVE-2025-11361 was published Oct 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database