GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,958 advisories

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl (Severity: Moderate)
CVE-2026-33619 was published for github.com/pinchtab/pinchtab (Go) Mar 24, 2026
Credited to mean3374
Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents (Severity: Moderate)
CVE-2026-33486 was published for roadiz/documents (Composer) Mar 23, 2026
Credited to ROCmertakdag and ambroisemaupate
Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin (Severity: Moderate)
CVE-2026-32279 was published for opensource-workshop/connect-cms (Composer) Mar 23, 2026
Credited to odgrso
AVideo has Unauthenticated SSRF via plugin/Live/test.php (Severity: Critical)
CVE-2026-33502 was published for wwbn/avideo (Composer) Mar 20, 2026
Credited to Ahmad-jarwan
PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled (Severity: Moderate)
GHSA-pgx6-7jcq-2qff was published for @pdfme/common (npm) Mar 20, 2026
Credited to restriction
AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy (Severity: High)
CVE-2026-33480 was published for wwbn/avideo (Composer) Mar 20, 2026
Credited to restriction
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass (Severity: Critical)
CVE-2026-33351 was published for wwbn/avideo (Composer) Mar 19, 2026
Credited to iconnnjka
league/commonmark has an embed extension allowed_domains bypass (Severity: Moderate)
CVE-2026-33347 was published for league/commonmark (Composer) Mar 19, 2026
Credited to HuajiHD
AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources (Severity: Moderate)
CVE-2026-33294 was published for wwbn/avideo (Composer) Mar 19, 2026
Credited to restriction