GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
CVE-2024-29030
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
CVE-2024-29028
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
CVE-2024-21498
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
imgproxy is vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-30019
was published
for
github.com/imgproxy/imgproxy/v3
(Go)
May 8, 2023
Server Side Request Forgery in Grafana
Moderate
CVE-2020-13379
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Server Side Request Forgery (SSRF) in Kubernetes
Moderate
CVE-2020-8555
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
KubeVela VelaUX APIserver has SSRF vulnerability
Moderate
CVE-2022-39383
was published
for
github.com/oam-dev/kubevela
(Go)
Nov 18, 2022
request-baskets vulnerable to Server-Side Request Forgery
Moderate
CVE-2023-27163
was published
for
github.com/darklynx/request-baskets
(Go)
Mar 31, 2023
Gophish vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-24710
was published
for
github.com/gophish/gophish
(Go)
May 24, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Smokescreen SSRF via deny list bypass (square brackets)
Moderate
CVE-2022-29188
was published
for
github.com/stripe/smokescreen
(Go)
May 24, 2022
Smokescreen SSRF via deny list bypass
Moderate
CVE-2022-24825
was published
for
github.com/stripe/smokescreen
(Go)
Apr 7, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
ProTip!
Advisories are also available from the
GraphQL API