Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Open Redirect Moderate
CVE-2018-15178 was published for gogs.io/gogs (Go) Jun 29, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Gophish before 0.12.0 vulnerable to Open Redirect Moderate
CVE-2022-25295 was published for github.com/gophish/gophish (Go) Sep 12, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header Moderate
CVE-2020-15129 was published for github.com/containous/traefik (Go) Feb 11, 2022
avivdolev
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses Moderate
CVE-2020-15233 was published for github.com/ory/fosite (Go) May 24, 2021
mitar aeneasr
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
Incomplete List of Disallowed Inputs in Kubernetes Moderate
CVE-2021-25737 was published for k8s.io/kubernetes (Go) Sep 7, 2021
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
scs-library-client may leak user credentials to third-party service via HTTP redirect Moderate
CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) Jan 20, 2023
Open redirect in caddy Moderate
CVE-2022-29718 was published for github.com/caddyserver/caddy (Go) Jun 3, 2022
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2837 was published for github.com/coredns/coredns (Go) Mar 3, 2023
chrisbloom7
Authelia allows open redirects on the logout endpoint Moderate
CVE-2021-29456 was published for github.com/authelia/authelia/v4 (Go) Mar 16, 2023
jonbayl
Labstack Echo Open Redirect vulnerability Critical
CVE-2022-40083 was published for github.com/labstack/echo/v4 (Go) Sep 29, 2022
Open Redirect in oauth2_proxy Moderate
CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Pivotal Concourse Open Redirect in Login Flow Moderate
CVE-2018-15798 was published for github.com/concourse/concourse (Go) Feb 15, 2022
JWT leak via Open Redirect in Programmatic access Moderate
CVE-2021-29651 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium Moderate
CVE-2021-29652 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
Open redirect vulnerability in Sourcegraph Moderate
CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) Dec 20, 2021
Mattermost Open Redirect vulnerability Moderate
CVE-2023-47168 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
code.gitea.io/gitea Open Redirect vulnerability Low
CVE-2023-3515 was published for code.gitea.io/gitea (Go) Jul 5, 2023
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
Open Redirect in github.com/greenpau/caddy-security Moderate
CVE-2024-21497 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
ProTip! Advisories are also available from the GraphQL API