GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
899 advisories

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper...
Moderate (Unreviewed). CVE-2024-5936 was published Jun 27, 2024

October System module has an Open Redirect for Administrator Accounts
Low. CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO ...
Moderate (Unreviewed). CVE-2024-4604 was published Jun 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an...
Low (Unreviewed). CVE-2024-37141 was published Jun 26, 2024

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate. CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Open Redirect URL in Harbor
Moderate. CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an...
Moderate (Unreviewed). CVE-2024-23442 was published Jun 14, 2024

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High. CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024

Spring Framework URL Parsing with Host Validation Vulnerability
High. CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High. GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6...
Moderate (Unreviewed). CVE-2024-23664 was published Jun 3, 2024

Open Redirect in github.com/AndrewBurian/powermux
Moderate. CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) Jul 1, 2021

silverstripe/framework BackURL validation bypass with malformed URLs
High. GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024

Silverstripe External redirection risk in Security?ReturnURL
Moderate. GHSA-vp8p-c6xj-xpj7 was published for silverstripe/framework (Composer) May 23, 2024

Silverstripe X-Forwarded-Host request hostname injection
High. GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024

Umbraco CMS Open Redirect Bypass Protection
Moderate. CVE-2024-34071 was published for Umbraco.Cms.Web.BackOffice (NuGet) May 21, 2024

Open Redirect in Caddy
Moderate. CVE-2022-28923 was published for github.com/caddyserver/caddy/v2 (Go) Feb 7, 2023

Macaron i18n Open Redirect vulnerability
Moderate. CVE-2020-36627 was published for github.com/go-macaron/i18n (Go) Dec 25, 2022

gopkg.in/macaron.v1 Open Redirect vulnerability
Moderate. CVE-2020-12666 was published for gopkg.in/macaron.v1 (Go) May 18, 2021

OroPlatform Forced Redirect to External Website
Moderate. GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024

OroCRM Forced Redirect to External Website
Moderate. GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024

MediaWiki Open Redirect vulnerability
Moderate. CVE-2020-10959 was published for mediawiki/core (Composer) May 24, 2022

Possible to circumvent title-blacklist
Moderate. CVE-2019-19709 was published for mediawiki/core (Composer) May 24, 2022

Drupal core Open Redirect vulnerability
Moderate. GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) May 15, 2024

ProTip! Advisories are also available from the GraphQL API.