GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
49 advisories
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
High
CVE-2024-42352
was published
for
@nuxt/icon
(npm)
Aug 5, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Server Side Request Forgery (SSRF) attack in Fedify
High
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
RSSHub vulnerable to Server-Side Request Forgery
Moderate
CVE-2024-27927
was published
for
rsshub
(npm)
Mar 6, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2023-7078
was published
for
miniflare
(npm)
Dec 29, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Low
CVE-2023-48711
was published
for
google-translate-api-browser
(npm)
Nov 27, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
Server-Side Request Forgery in Request
Moderate
CVE-2023-28155
was published
for
@cypress/request
(npm)
Mar 16, 2023
Directus vulnerable to Server-Side Request Forgery On File Import
Moderate
CVE-2023-26492
was published
for
directus
(npm)
Mar 3, 2023
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Critical
CVE-2022-2900
was published
for
parse-url
(npm)
Sep 15, 2022
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Moderate
CVE-2022-35949
was published
for
undici
(npm)
Aug 18, 2022
Server-Side Request Forgery in link-preview-js
Moderate
CVE-2022-25876
was published
for
link-preview-js
(npm)
Jul 2, 2022
ProTip!
Advisories are also available from the
GraphQL API