GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,802 advisories
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is...
Moderate; Unreviewed; CVE-2026-1356 was published Feb 12, 2026

@langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation
Moderate; CVE-2026-26019 was published for @langchain/community (npm) Feb 11, 2026

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Low; CVE-2026-26013 was published for langchain-core (pip) Feb 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18...
Moderate; Unreviewed; CVE-2025-12073 was published Feb 11, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7...
Moderate; Unreviewed; CVE-2025-12575 was published Feb 11, 2026

DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its...
Moderate; Unreviewed; CVE-2026-25870 was published Feb 11, 2026

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to...
Moderate; Unreviewed; CVE-2026-21512 was published Feb 10, 2026

Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software...
Critical; Unreviewed; CVE-2025-11242 was published Feb 10, 2026

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Moderate; CVE-2026-25765 was published for faraday (RubyGems) Feb 9, 2026

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Moderate; CVE-2026-25528 was published for langsmith (npm) Feb 9, 2026

Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
Moderate; CVE-2026-25494 was published for craftcms/cms (Composer) Feb 9, 2026

Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect
Moderate; CVE-2026-25493 was published for craftcms/cms (Composer) Feb 9, 2026

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Moderate; CVE-2026-25492 was published for craftcms/craft (Composer) Feb 9, 2026

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request...
Moderate; Unreviewed; CVE-2026-0632 was published Feb 9, 2026

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Moderate; CVE-2026-25904 was published for mcp-run-python (pip) Feb 9, 2026

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
High; CVE-2026-25580 was published for pydantic-ai (pip) Feb 6, 2026

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
Low; CVE-2025-68458 was published for webpack (npm) Feb 5, 2026

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Low; CVE-2025-68157 was published for webpack (npm) Feb 5, 2026

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request...
High; Unreviewed; CVE-2026-1294 was published Feb 5, 2026

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function...
Moderate; Unreviewed; CVE-2026-1884 was published Feb 5, 2026

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the...
Critical; Unreviewed; CVE-2025-46651 was published Feb 3, 2026

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server...
Moderate; Unreviewed; CVE-2026-24961 was published Feb 3, 2026

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1...
High; Unreviewed; CVE-2025-13096 was published Feb 3, 2026

Keycloak Server-Side Request Forgery (SSRF) vulnerability
Low; CVE-2026-1518 was published for org.keycloak:keycloak-parent (Maven) Feb 2, 2026

NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
Moderate; CVE-2026-24767 was published for nocodb (npm) Jan 28, 2026

ProTip! Advisories are also available from the GraphQL API