GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
req may send an unintended request when a malformed URL is provided
High
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors
Low
CVE-2024-43379
was published
for
github.com/trufflesecurity/trufflehog/v3
(Go)
Aug 19, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
CVE-2024-29030
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
CVE-2024-29028
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
CVE-2024-21498
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
High
CVE-2023-44313
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
Artifact Hub allows unsafe rego built-in
Low
CVE-2023-45822
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
imgproxy is vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-30019
was published
for
github.com/imgproxy/imgproxy/v3
(Go)
May 8, 2023
Access control issues in blackbox_exporter
High
CVE-2023-26735
was published
for
github.com/prometheus/blackbox_exporter
(Go)
Apr 26, 2023
request-baskets vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-27163
was published
for
github.com/darklynx/request-baskets
(Go)
Mar 31, 2023
Paranoidhttp Server-Side Request Forgery vulnerability
High
CVE-2023-24623
was published
for
github.com/hakobe/paranoidhttp
(Go)
Jan 30, 2023
KubeVela VelaUX APIserver has SSRF vulnerability
Moderate
CVE-2022-39383
was published
for
github.com/oam-dev/kubevela
(Go)
Nov 18, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical
CVE-2022-38580
was published
for
github.com/zalando/skipper
(Go)
Oct 25, 2022
Server-Side Request Forgery in gogs webhook
High
CVE-2022-1285
was published
for
gogs.io/gogs
(Go)
Jun 3, 2022
Smokescreen SSRF via deny list bypass (square brackets)
Moderate
CVE-2022-29188
was published
for
github.com/stripe/smokescreen
(Go)
May 24, 2022
Server-Side Request Forgery in charm
Critical
CVE-2022-29180
was published
for
github.com/charmbracelet/charm
(Go)
May 24, 2022
Gophish vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-24710
was published
for
github.com/gophish/gophish
(Go)
May 24, 2022
Gogs and Gitea SSRF Vulnerability
High
CVE-2018-15192
was published
for
code.gitea.io/gitea
(Go)
May 14, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High
CVE-2022-25850
was published
for
github.com/hoppscotch/proxyscotch
(Go)
May 3, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
High
CVE-2022-29153
was published
for
github.com/hashicorp/consul
(Go)
Apr 20, 2022
Smokescreen SSRF via deny list bypass
Moderate
CVE-2022-24825
was published
for
github.com/stripe/smokescreen
(Go)
Apr 7, 2022
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
Server Side Request Forgery in Grafana
Moderate
CVE-2020-13379
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API