GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
52 advisories
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High | CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) | Jun 12, 2024

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High | GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) | Jun 7, 2024

silverstripe/framework BackURL validation bypass with malformed URLs
High | GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) | May 27, 2024

Silverstripe X-Forwarded-Host request hostname injection
High | GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) | May 23, 2024

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A...
High | Unreviewed | CVE-2024-28076 was published | Apr 18, 2024

Keycloak path traversal vulnerability in the redirect validation
High | CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) | Apr 17, 2024

Spring Framework URL Parsing with Host Validation Vulnerability
High | CVE-2024-22259 was published for org.springframework:spring-web (Maven) | Mar 16, 2024

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could...
High | Unreviewed | CVE-2023-5629 was published | Dec 14, 2023

Unauthorized access vulnerability in the launcher module. Successful exploitation of this...
High | Unreviewed | CVE-2023-49240 was published | Dec 6, 2023

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is...
High | Unreviewed | CVE-2023-49104 was published | Nov 22, 2023

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an...
High | Unreviewed | CVE-2023-5986 was published | Nov 15, 2023

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may...
High | Unreviewed | CVE-2023-20886 was published | Oct 31, 2023

The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this...
High | Unreviewed | CVE-2022-48358 was published | Mar 28, 2023

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
High | Unreviewed | CVE-2023-24892 was published | Mar 14, 2023

rdiffweb vulnerable to Open Redirect
High | CVE-2022-4720 was published for rdiffweb (pip) | Dec 27, 2022

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205,...
High | Unreviewed | CVE-2022-41204 was published | Oct 12, 2022

oauth2-server through 3.1.1 vulnerable to Open Redirect
High | CVE-2020-26938 was published for oauth2-server (npm) | Aug 30, 2022

HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use...
High | Unreviewed | CVE-2022-27547 was published | Aug 29, 2022

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no...
High | Unreviewed | CVE-2021-28861 was published | Aug 24, 2022

JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
High | CVE-2022-31193 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to...
High | Unreviewed | CVE-2020-25845 was published | May 24, 2022

The digest generation function of NHIServiSignAdapter has not been verified for source file path,...
High | Unreviewed | CVE-2020-25846 was published | May 24, 2022

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks,...
High | Unreviewed | CVE-2019-4538 was published | May 24, 2022

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
High | Unreviewed | CVE-2017-18414 was published | May 24, 2022

When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check...
High | Unreviewed | CVE-2019-9140 was published | May 24, 2022