Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

899 advisories

Loading
Open Redirect Moderate
CVE-2018-15178 was published for gogs.io/gogs (Go) Jun 29, 2021
Unvalidated redirects Moderate Unreviewed
CVE-2021-35206 was published Jun 23, 2021
Open redirect in Flask-Unchained Moderate
CVE-2021-23393 was published for Flask-Unchained (pip) Jun 15, 2021
Open Redirect in trailing-slash Moderate
CVE-2021-23387 was published for trailing-slash (npm) Jun 8, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses Moderate
CVE-2020-15233 was published for github.com/ory/fosite (Go) May 24, 2021
mitar aeneasr
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
Open redirect in direct_mail Moderate
CVE-2020-12699 was published for directmailteam/direct-mail (Composer) May 24, 2021
JWT leak via Open Redirect in Programmatic access Moderate
CVE-2021-29651 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium Moderate
CVE-2021-29652 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
gopkg.in/macaron.v1 Open Redirect vulnerability Moderate
CVE-2020-12666 was published for gopkg.in/macaron.v1 (Go) May 18, 2021
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607
Open Redirect in Liferay Portal High
CVE-2020-24554 was published for com.liferay.portal:release.portal.bom (Maven) May 7, 2021
Possible Open Redirect Vulnerability in Action Pack Moderate
CVE-2021-22903 was published for actionpack (RubyGems) May 5, 2021
Open Redirect in werkzeug Moderate
CVE-2020-28724 was published for werkzeug (pip) Apr 20, 2021
Open Redirect in autobahn Moderate
CVE-2020-35678 was published for autobahn (pip) Apr 20, 2021
Open redirect via transitional IPv6 addresses on dual-stack networks Moderate
CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021
mscherer
OMERO webclient does not validate URL redirects on login or switching group. Moderate
CVE-2021-21377 was published for omero-web (pip) Mar 23, 2021
Open Redirection in Login Handling Moderate
CVE-2021-21338 was published for typo3/cms (Composer) Mar 23, 2021
einpraegsam derhansen
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService Low
CVE-2021-21337 was published for Products.PluggableAuthService (pip) Mar 8, 2021
jugmac00 xoffense
Actionpack Open Redirect Vulnerability Moderate
CVE-2021-22881 was published for actionpack (RubyGems) Mar 2, 2021
Open redirects on some federation and push requests Low
CVE-2021-21273 was published for matrix-synapse (pip) Feb 26, 2021
mscherer
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware) Low
CVE-2021-21330 was published for aiohttp (pip) Feb 26, 2021
jelmer g147
Open redirect in Slashify Moderate
CVE-2021-3189 was published for slashify (npm) Feb 5, 2021
Jupyter Server open redirect vulnerability Moderate
CVE-2020-26275 was published for jupyter-server (pip) Dec 21, 2020
Yaniv-git
ProTip! Advisories are also available from the GraphQL API