GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
Moderate
CVE-2026-54514
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 23, 2026
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
Moderate
CVE-2026-44202
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 22, 2026
NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)
Moderate
CVE-2026-55414
was published
for
nl.nl-portal:form
(Maven)
Jun 19, 2026
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Moderate
CVE-2025-58175
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jun 12, 2026
CC-Tweaked has an SSRF Protection Bypass with NAT64
High
CVE-2026-47695
was published
for
cc.tweaked:cc-tweaked-1.19.3-core
(Maven)
May 29, 2026
Jenkins Active Directory Plugin follows LDAP referrals by default
Moderate
CVE-2026-48918
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 27, 2026
Jenkins LDAP Plugin follows LDAP referrals
Moderate
CVE-2026-48916
was published
for
org.jenkins-ci.plugins:ldap
(Maven)
May 27, 2026
Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
High
CVE-2026-45609
was published
for
org.springaicommunity:mcp-client-security
(Maven)
May 18, 2026
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Low
CVE-2026-42188
was published
for
org.geysermc.geyser:core
(Maven)
May 5, 2026
XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter
Moderate
CVE-2026-42140
was published
for
org.xwiki.contrib.plantuml:macro-plantuml-macro
(Maven)
May 5, 2026
Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery
High
CVE-2026-7412
was published
for
org.eclipse.basyx:basyx.sdk
(Maven)
May 5, 2026
Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API
Moderate
CVE-2026-42404
was published
for
org.apache.neethi:neethi
(Maven)
May 1, 2026
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Moderate
CVE-2026-34360
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.core
(Maven)
Mar 30, 2026
Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs
High
CVE-2026-22742
was published
for
org.springframework.ai:spring-ai-bedrock-converse
(Maven)
Mar 27, 2026
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
Low
CVE-2026-4874
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 26, 2026
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Critical
CVE-2026-25534
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Mar 16, 2026
PSI Probe vulnerable to Server-Side Request Forgery
Low
CVE-2026-3270
was published
for
com.github.psi-probe:psi-probe-core
(Maven)
Feb 27, 2026
Keycloak Server-Side Request Forgery (SSRF) vulnerability
Low
CVE-2026-1518
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 2, 2026
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
Moderate
CVE-2026-1180
was published
for
org.keycloak:keycloak-adapter-core
(Maven)
Jan 20, 2026
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2025-15104
was published
for
nu.validator:validator
(Maven)
Jan 16, 2026
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High
CVE-2025-61916
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Jan 5, 2026
PowerJob has a server-side request forgery vulnerability in PingPongUtils.java
Moderate
CVE-2025-14518
was published
for
tech.powerjob:powerjob-common
(Maven)
Dec 11, 2025
JDA (Java Discord API) downloads external URLs when updating message components
Moderate
GHSA-93fv-4pm9-xp28
was published
for
net.dv8tion:JDA
(Maven)
Dec 9, 2025
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2025-61735
was published
for
org.apache.kylin:kylin
(Maven)
Oct 2, 2025
Liferay Portal is vulnerable to SSRF through custom object attachment fields
Moderate
CVE-2025-43763
was published
for
com.liferay:com.liferay.object.service
(Maven)
Sep 9, 2025
ProTip!
Advisories are also available from the
GraphQL API