GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
899 advisories
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to...
Moderate, Unreviewed. CVE-2021-37352 was published May 24, 2022

hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate. GHSA-5wvv-q5fv-2388 was published for hyper-staticfile (Rust) Dec 30, 2022

URL Redirection to Untrusted Site (Open Redirect) in Ktor
Moderate. CVE-2019-19703 was published for io.ktor:ktor-client-core (Maven) Feb 12, 2020

Moderate severity vulnerability that affects org.apache.juddi:juddi-client
Moderate. CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018

Open Redirect in apostrophe
Moderate. GHSA-h97g-4mx7-5p2p was published for apostrophe (npm) Sep 3, 2020

Open redirect in Jupyter Server
Moderate. CVE-2020-26232 was published for jupyter-server (pip) Nov 24, 2020

Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
High. GHSA-r82c-j4mq-5xfw was published for bitlyshortener (pip) Oct 27, 2020

Open redirect in Jupyter Notebook
Moderate. CVE-2020-26215 was published for notebook (pip) Nov 18, 2020

Open Redirect in Flask-Security-Too
Low. GHSA-gxjj-f44v-qm94 was published for Flask-Security-Too (pip) Dec 14, 2021 • withdrawn

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Low. CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate. CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021

Open Redirect in OAuth2 Proxy
Moderate. CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021

Open redirect in Flask-Unchained
Moderate. CVE-2021-23393 was published for Flask-Unchained (pip) Jun 15, 2021

Cross-site Scripting and Open Redirect in plone.app.contenttypes
Moderate. GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022

URL parsing in node-forge could lead to undesired behavior.
Low. GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022

Apache Superset Open Redirect vulnerability
Moderate. CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter...
High, Unreviewed. CVE-2022-0165 was published Mar 15, 2022

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the...
Moderate, Unreviewed. CVE-2022-27090 was published Mar 23, 2022

Open Redirect in Flask-AppBuilder
Moderate. CVE-2022-24776 was published for Flask-AppBuilder (pip) Mar 25, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and...
Moderate, Unreviewed. CVE-2005-10001 was published Mar 29, 2022

ProTip! Advisories are also available from the GraphQL API