Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Open Redirect in hekto Moderate
CVE-2018-3743 was published for hekto (npm) Jul 18, 2018
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
Open Redirect in serve-static Low
CVE-2015-1164 was published for serve-static (npm) Aug 31, 2020
Open Redirect in apostrophe Moderate
GHSA-h97g-4mx7-5p2p was published for apostrophe (npm) Sep 3, 2020
Open Redirect in Next.js versions Moderate
CVE-2020-15242 was published for next (npm) Oct 8, 2020
Open redirect in Slashify Moderate
CVE-2021-3189 was published for slashify (npm) Feb 5, 2021
Open Redirect in trailing-slash Moderate
CVE-2021-23387 was published for trailing-slash (npm) Jun 8, 2021
URIjs Vulnerable to Hostname spoofing via backslashes in URL Moderate
CVE-2021-3647 was published for urijs (npm) Jul 19, 2021
ready-research
Open redirect in url-parse Moderate
CVE-2021-3664 was published for url-parse (npm) Aug 10, 2021
Open Redirect in Next.js Moderate
CVE-2021-37699 was published for next (npm) Aug 12, 2021
medikoo
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static Moderate
CVE-2021-22963 was published for fastify-static (npm) Oct 5, 2021
DOS and Open Redirect with user input High
CVE-2021-22964 was published for fastify-static (npm) Oct 12, 2021
Open Redirect in xdLocalStorage Moderate
CVE-2020-11611 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Open redirect in @auth0/nextjs-auth0 Moderate
CVE-2021-43812 was published for @auth0/nextjs-auth0 (npm) Dec 16, 2021
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
kurt-r2c
Open Redirect in node-forge Moderate
CVE-2022-0122 was published for node-forge (npm) Jan 21, 2022
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
tdunlap607
Open redirect in karma Moderate
CVE-2021-23495 was published for karma (npm) Feb 26, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Open Redirect in urijs Moderate
CVE-2022-0868 was published for urijs (npm) Mar 7, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
jviding kurt-r2c
URL Confusion When Scheme Not Supplied in medialize/uri.js Moderate
CVE-2022-1233 was published for urijs (npm) Apr 5, 2022
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
rustyguts
ProTip! Advisories are also available from the GraphQL API