GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
High
GHSA-r82c-j4mq-5xfw
was published
for
bitlyshortener
(pip)
Oct 27, 2020
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
High
CVE-2022-24794
was published
for
express-openid-connect
(npm)
Mar 31, 2022
Open redirect in ASP.NET Core
High
CVE-2017-11879
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 14, 2022
oauth2-server through 3.1.1 vulnerable to Open Redirect
High
CVE-2020-26938
was published
for
oauth2-server
(npm)
Aug 30, 2022
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
High
CVE-2022-31193
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Open Redirect in Liferay Portal
High
CVE-2020-24554
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 7, 2021
DOS and Open Redirect with user input
High
CVE-2021-22964
was published
for
fastify-static
(npm)
Oct 12, 2021
Clearance Gem Open Redirect Vulnerability
High
CVE-2021-23435
was published
for
clearance
(RubyGems)
Sep 13, 2021
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download
High
CVE-2022-24739
was published
for
rudloff/alltube
(Composer)
Mar 9, 2022
HTTP Proxy header vulnerability
High
CVE-2016-5385
was published
for
amphp/artax
(Composer)
Apr 7, 2022
Open Redirect in OAuth2 Proxy
High
CVE-2020-11053
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Drupal Open redirect vulnerability in the drupal_goto function
High
CVE-2016-3167
was published
for
drupal/core
(Composer)
May 17, 2022
Silverstripe X-Forwarded-Host request hostname injection
High
GHSA-25gq-jvx2-vg9x
was published
for
silverstripe/framework
(Composer)
May 23, 2024
silverstripe/framework BackURL validation bypass with malformed URLs
High
GHSA-m5q3-mvcr-gc5m
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High
GHSA-xffp-6w68-4775
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
Spring Framework URL Parsing with Host Validation
High
CVE-2024-22262
was published
for
org.springframework:spring-web
(Maven)
Apr 16, 2024
Flask-AppBuilder Open Redirect vulnerability
High
CVE-2021-32805
was published
for
Flask-AppBuilder
(pip)
Sep 8, 2021
flask-oidc Open Redirect vulnerability
High
CVE-2016-1000001
was published
for
flask-oidc
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API