GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,340
Erlang: 31
GitHub Actions: 22
Go: 2,101
Maven: 5,000+
npm: 3,764
NuGet: 679
pip: 3,451
Pub: 12
RubyGems: 892
Rust: 885
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
180 advisories
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6...
Critical | Unreviewed | CVE-2024-27565 was published Mar 5, 2024
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly...
Critical | Unreviewed | CVE-2024-0759 was published Feb 27, 2024
Attacker, with permission to submit a link or submits a link via POST to be collected that is...
Critical | Unreviewed | CVE-2024-0440 was published Feb 26, 2024
The inclusion of the web scraper for AnythingLLM means that any user with the proper...
Critical | Unreviewed | CVE-2024-0455 was published Feb 26, 2024
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via...
Critical | Unreviewed | CVE-2024-23761 was published Feb 13, 2024
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
Critical | Unreviewed | CVE-2023-40630 was published Dec 14, 2023
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this...
Critical | Unreviewed | CVE-2023-48023 was published Nov 28, 2023
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job...
Critical | Unreviewed | CVE-2023-48022 was published Nov 28, 2023
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF...
Critical | Unreviewed | CVE-2023-5974 was published Nov 27, 2023
Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side...
Critical | Unreviewed | CVE-2023-43982 was published Nov 3, 2023
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2023-41449 was published Sep 28, 2023
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive...
Critical | Unreviewed | CVE-2023-42398 was published Sep 15, 2023
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).
Critical | Unreviewed | CVE-2022-42183 was published Jul 31, 2023
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery...
Critical | Unreviewed | CVE-2023-1895 was published Jul 6, 2023
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code...
Critical | Unreviewed | CVE-2023-35175 was published Jun 30, 2023
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
Critical | Unreviewed | CVE-2022-48477 was published Apr 24, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before...
Critical | Unreviewed | CVE-2018-17452 was published Apr 16, 2023
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the...
Critical | Unreviewed | CVE-2023-1634 was published Mar 25, 2023
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
Critical | Unreviewed | CVE-2022-46973 was published Mar 4, 2023
Unauthenticated server side request forgery in HPE Serviceguard Manager
Critical | Unreviewed | CVE-2022-37938 was published Mar 1, 2023
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side...
Critical | Unreviewed | CVE-2022-46998 was published Jan 26, 2023
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
Critical | Unreviewed | CVE-2023-23560 was published Jan 23, 2023
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23...
Critical | Unreviewed | CVE-2022-47635 was published Dec 21, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request...
Critical | Unreviewed | CVE-2022-38708 was published Dec 19, 2022
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when...
Critical | Unreviewed | CVE-2022-35508 was published Dec 4, 2022
ProTip! Advisories are also available from the GraphQL API.