Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe External redirection risk in Security?ReturnURL Moderate
GHSA-vp8p-c6xj-xpj7 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
OroCRM Forced Redirect to External Website Moderate
GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024
MediaWiki Open Redirect vulnerability Moderate
CVE-2020-10959 was published for mediawiki/core (Composer) May 24, 2022
Possible to circumvent title-blacklist Moderate
CVE-2019-19709 was published for mediawiki/core (Composer) May 24, 2022
Drupal core Open Redirect vulnerability Moderate
GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-x6v2-xmrq-574j was published for drupal/drupal (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-r67r-42wx-c8r7 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Open Redirect vulnerability Moderate
GHSA-6gf6-24h2-66j4 was published for drupal/core (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-gfvf-2f25-f34r was published for drupal/core (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-7f4f-p7mq-p4fv was published for drupal/core (Composer) May 15, 2024
Symfony Open Redirect Moderate
CVE-2018-19790 was published for symfony/security (Composer) May 14, 2022
SimpleSAMLphp Open redirection protection bypass Moderate
CVE-2018-6520 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
EC-CUBE Open redirect vulnerability Moderate
CVE-2018-16191 was published for ec-cube/ec-cube (Composer) May 14, 2022
Pagekit open redirect vulnerability Moderate
CVE-2018-14381 was published for pagekit/pagekit (Composer) May 14, 2022
Knock Knock plugin Open redirection vulnerability Moderate
CVE-2020-13486 was published for verbb/knock-knock (Composer) May 24, 2022
Moodle Open redirect risk in mobile auto-login feature Moderate
CVE-2022-35652 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle open redirect vulnerability Moderate
CVE-2019-14882 was published for moodle/moodle (Composer) May 24, 2022
Drupal Core Open Redirect vulnerability Moderate
CVE-2020-13662 was published for drupal/core (Composer) May 24, 2022
Drupal Open redirect vulnerability in the drupal_goto function High
CVE-2016-3167 was published for drupal/core (Composer) May 17, 2022
Drupal external link injection vulnerability Moderate
CVE-2017-6932 was published for drupal/core (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API