Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

899 advisories

Loading
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper... Moderate Unreviewed
CVE-2024-5936 was published Jun 27, 2024
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO ... Moderate Unreviewed
CVE-2024-4604 was published Jun 26, 2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an... Low Unreviewed
CVE-2024-37141 was published Jun 26, 2024
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an... Moderate Unreviewed
CVE-2024-23442 was published Jun 14, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6... Moderate Unreviewed
CVE-2024-23664 was published Jun 3, 2024
Open Redirect in github.com/AndrewBurian/powermux Moderate
CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) Jul 1, 2021
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe External redirection risk in Security?ReturnURL Moderate
GHSA-vp8p-c6xj-xpj7 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Umbraco CMS Open Redirect Bypass Protection Moderate
CVE-2024-34071 was published for Umbraco.Cms.Web.BackOffice (NuGet) May 21, 2024
0xRyuzak1
Open Redirect in Caddy Moderate
CVE-2022-28923 was published for github.com/caddyserver/caddy/v2 (Go) Feb 7, 2023
J3rry-1729
Macaron i18n Open Redirect vulnerability Moderate
CVE-2020-36627 was published for github.com/go-macaron/i18n (Go) Dec 25, 2022
gopkg.in/macaron.v1 Open Redirect vulnerability Moderate
CVE-2020-12666 was published for gopkg.in/macaron.v1 (Go) May 18, 2021
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
OroCRM Forced Redirect to External Website Moderate
GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024
MediaWiki Open Redirect vulnerability Moderate
CVE-2020-10959 was published for mediawiki/core (Composer) May 24, 2022
Possible to circumvent title-blacklist Moderate
CVE-2019-19709 was published for mediawiki/core (Composer) May 24, 2022
Drupal core Open Redirect vulnerability Moderate
GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API