Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A... High Unreviewed
CVE-2024-28076 was published Apr 18, 2024
Drupal Open redirect vulnerability in the drupal_goto function High
CVE-2016-3167 was published for drupal/core (Composer) May 17, 2022
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). High Unreviewed
CVE-2017-18414 was published May 24, 2022
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check... High Unreviewed
CVE-2019-9140 was published May 24, 2022
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no... High Unreviewed
CVE-2021-28861 was published Aug 24, 2022
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
HTTP Proxy header vulnerability High
CVE-2016-5385 was published for amphp/artax (Composer) Apr 7, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
Unauthorized access vulnerability in the launcher module. Successful exploitation of this... High Unreviewed
CVE-2023-49240 was published Dec 6, 2023
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could... High Unreviewed
CVE-2023-5629 was published Dec 14, 2023
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is... High Unreviewed
CVE-2023-49104 was published Nov 22, 2023
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an... High Unreviewed
CVE-2023-5986 was published Nov 15, 2023
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may... High Unreviewed
CVE-2023-20886 was published Oct 31, 2023
Clearance Gem Open Redirect Vulnerability High
CVE-2021-23435 was published for clearance (RubyGems) Sep 13, 2021
The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this... High Unreviewed
CVE-2022-48358 was published Mar 28, 2023
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability High Unreviewed
CVE-2023-24892 was published Mar 14, 2023
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the ... High Unreviewed
CVE-2016-9078 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API