Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131 advisories

Loading
jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF) Moderate
CVE-2026-54514 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
omkhar Credited to omkhar
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice` Moderate
CVE-2026-44202 was published for org.openidentityplatform.openam:openam-core (Maven) Jun 22, 2026
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution Moderate
CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
lemauanhphong Credited to lemauanhphong and jodygarnett jodygarnett jodygarnett
CC-Tweaked has an SSRF Protection Bypass with NAT64 High
CVE-2026-47695 was published for cc.tweaked:cc-tweaked-1.19.3-core (Maven) May 29, 2026
JLLeitschuh Credited to JLLeitschuh
Jenkins Active Directory Plugin follows LDAP referrals by default Moderate
CVE-2026-48918 was published for org.jenkins-ci.plugins:active-directory (Maven) May 27, 2026
Jenkins LDAP Plugin follows LDAP referrals Moderate
CVE-2026-48916 was published for org.jenkins-ci.plugins:ldap (Maven) May 27, 2026
Spring AI MCP Security: Unvalidated URL Fetching (SSRF) High
CVE-2026-45609 was published for org.springaicommunity:mcp-client-security (Maven) May 18, 2026
srikanthramu Credited to srikanthramu
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser Low
CVE-2026-42188 was published for org.geysermc.geyser:core (Maven) May 5, 2026
shibata-yudai Credited to shibata-yudai and onebeastchris onebeastchris onebeastchris
XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter Moderate
CVE-2026-42140 was published for org.xwiki.contrib.plantuml:macro-plantuml-macro (Maven) May 5, 2026
lukasz-rybak Credited to lukasz-rybak
Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery High
CVE-2026-7412 was published for org.eclipse.basyx:basyx.sdk (Maven) May 5, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing Moderate
CVE-2026-34360 was published for ca.uhn.hapi.fhir:org.hl7.fhir.core (Maven) Mar 30, 2026
offset Credited to offset
Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs High
CVE-2026-22742 was published for org.springframework.ai:spring-ai-bedrock-converse (Maven) Mar 27, 2026
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation Low
CVE-2026-4874 was published for org.keycloak:keycloak-services (Maven) Mar 26, 2026
krapovneru Credited to krapovneru and dnegreira dnegreira dnegreira
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames Critical
CVE-2026-25534 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Mar 16, 2026
jaydhulia Credited to jaydhulia and jasonmcintosh jasonmcintosh jasonmcintosh
PSI Probe vulnerable to Server-Side Request Forgery Low
CVE-2026-3270 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
Keycloak Server-Side Request Forgery (SSRF) vulnerability Low
CVE-2026-1518 was published for org.keycloak:keycloak-parent (Maven) Feb 2, 2026
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF) Moderate
CVE-2026-1180 was published for org.keycloak:keycloak-adapter-core (Maven) Jan 20, 2026
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2025-15104 was published for nu.validator:validator (Maven) Jan 16, 2026
augustocesarperin Credited to augustocesarperin
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input High
CVE-2025-61916 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Jan 5, 2026
jake-ciolek Credited to jake-ciolek, CodeWobbler, jasonmcintosh, and Jaimeoby CodeWobbler CodeWobbler
jasonmcintosh jasonmcintosh Jaimeoby Jaimeoby
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java Moderate
CVE-2025-14518 was published for tech.powerjob:powerjob-common (Maven) Dec 11, 2025
JDA (Java Discord API) downloads external URLs when updating message components Moderate
GHSA-93fv-4pm9-xp28 was published for net.dv8tion:JDA (Maven) Dec 9, 2025
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability High
CVE-2025-61735 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Liferay Portal is vulnerable to SSRF through custom object attachment fields Moderate
CVE-2025-43763 was published for com.liferay:com.liferay.object.service (Maven) Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API