Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Silverstripe External redirection risk in Security?ReturnURL Moderate
GHSA-vp8p-c6xj-xpj7 was published for silverstripe/framework (Composer) May 23, 2024
Umbraco CMS Open Redirect Bypass Protection Moderate
CVE-2024-34071 was published for Umbraco.Cms.Web.BackOffice (NuGet) May 21, 2024
0xRyuzak1
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
OroCRM Forced Redirect to External Website Moderate
GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024
Drupal core Open Redirect vulnerability Moderate
GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-x6v2-xmrq-574j was published for drupal/drupal (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-r67r-42wx-c8r7 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Open Redirect vulnerability Moderate
GHSA-6gf6-24h2-66j4 was published for drupal/core (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-gfvf-2f25-f34r was published for drupal/core (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-7f4f-p7mq-p4fv was published for drupal/core (Composer) May 15, 2024
Privilege Escalation in Kubernetes Moderate
CVE-2020-8559 was published for k8s.io/apimachinery (Go) Apr 24, 2024
thejan2009 shanduur
wikkyk psilva-veeam hectorj2f PelagicGames
cg vulnerable to an Open Redirect Vulnerability on Referer Header Moderate
GHSA-w228-rfpx-fhm4 was published for cg (pip) Apr 23, 2024
aydinnyunus
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
gradio Server-Side Request Forgery vulnerability Moderate
CVE-2024-1183 was published for gradio (pip) Apr 16, 2024
Express.js Open Redirect in malformed URLs Moderate
CVE-2024-29041 was published for express (npm) Mar 25, 2024
FDrag0n jonchurch
blakeembrey wesleytodd ruddermann ctcpip
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
soulseekah
Docassemble open redirect Moderate
CVE-2024-27291 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Open Redirect in github.com/greenpau/caddy-security Moderate
CVE-2024-21497 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function Moderate
CVE-2024-24808 was published for pyload-ng (pip) Feb 5, 2024
isacaya
keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
GHSA-9vm7-v8wj-3fqw was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Open redirect vulnerability in Flask-Security-Too Moderate
CVE-2023-49438 was published for Flask-Security-Too (pip) Dec 27, 2023
jwag956 brandon-t-elliott
Keycloak Open Redirect vulnerability Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-parent (Maven) Dec 19, 2023
ProTip! Advisories are also available from the GraphQL API