GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
299 advisories
pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)
Critical
CVE-2026-35459
was published
for
pyload-ng
(pip)
Apr 4, 2026
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Critical
CVE-2026-31818
was published
for
@budibase/backend-core
(npm)
Apr 3, 2026
FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
Critical
CVE-2026-32871
was published
for
fastmcp
(pip)
Mar 31, 2026
pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Critical
CVE-2026-33992
was published
for
pyload-ng
(pip)
Mar 27, 2026
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL
Critical
CVE-2026-32301
was published
for
github.com/centrifugal/centrifugo
(Go)
Mar 13, 2026
AVideo has Unauthenticated SSRF via plugin/Live/test.php
Critical
CVE-2026-33502
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
Critical
CVE-2026-33351
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
Critical
CVE-2026-25534
was published
for
io.spinnaker.clouddriver:clouddriver-artifacts
(Maven)
Mar 16, 2026
soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import
Critical
CVE-2026-30832
was published
for
github.com/charmbracelet/soft-serve
(Go)
Mar 6, 2026
Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Critical
CVE-2026-28508
was published
for
idno/known
(Composer)
Mar 2, 2026
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
Critical
CVE-2026-27739
was published
for
@angular/ssr
(npm)
Feb 25, 2026
ProTip!
Advisories are also available from the
GraphQL API