GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
33 advisories
Unsafe handling of user-specified cookies in treq
Severity: High. CVE-2022-23607 was published for treq (pip) on Feb 1, 2022.

HAPI FHIR XML External Entity (XXE) vulnerability
Severity: High. CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) on Nov 5, 2024.

Keycloak Open Redirect vulnerability
Severity: High. CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) on Sep 19, 2024.

Drupal has open redirect vulnerability in the Overlay module
Severity: High. CVE-2013-6389 was published for drupal/drupal (Composer) on May 17, 2022.

rdiffweb vulnerable to Open Redirect
Severity: High. CVE-2022-4720 was published for rdiffweb (pip) on Dec 27, 2022.

URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Severity: High. CVE-2021-32806 was published for Products.isurlinportal (pip) on Aug 5, 2021.

Plone Open Redirection vulnerability via next parameter
Severity: High. CVE-2013-4200 was published for Plone (pip) on May 14, 2022.

Open redirect via transitional IPv6 addresses on dual-stack networks
Severity: High. CVE-2021-21392 was published for matrix-synapse (pip) on Apr 13, 2021.

flask-oidc Open Redirect vulnerability
Severity: High. CVE-2016-1000001 was published for flask-oidc (pip) on May 17, 2022.

Flask-AppBuilder Open Redirect vulnerability
Severity: High. CVE-2021-32805 was published for Flask-AppBuilder (pip) on Sep 8, 2021.

Spring Framework URL Parsing with Host Validation
Severity: High. CVE-2024-22262 was published for org.springframework:spring-web (Maven) on Apr 16, 2024.

Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Severity: High. CVE-2024-22243 was published for org.springframework:spring-web (Maven) on Feb 23, 2024.

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Severity: High. CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) on Jun 12, 2024.

Spring Framework URL Parsing with Host Validation Vulnerability
Severity: High. CVE-2024-22259 was published for org.springframework:spring-web (Maven) on Mar 16, 2024.

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
Severity: High. GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) on Jun 7, 2024.

silverstripe/framework BackURL validation bypass with malformed URLs
Severity: High. GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) on May 27, 2024.

Silverstripe X-Forwarded-Host request hostname injection
Severity: High. GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) on May 23, 2024.

Drupal Open redirect vulnerability in the drupal_goto function
Severity: High. CVE-2016-3167 was published for drupal/core (Composer) on May 17, 2022.

Keycloak path traversal vulnerability in the redirect validation
Severity: High. CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) on Apr 17, 2024.

Open Redirect in OAuth2 Proxy
Severity: High. CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) on Dec 20, 2021.

HTTP Proxy header vulnerability
Severity: High. CVE-2016-5385 was published for amphp/artax (Composer) on Apr 7, 2022.

Server-Side Request Forgery and Open Redirect in AllTube Download
Severity: High. CVE-2022-24739 was published for rudloff/alltube (Composer) on Mar 9, 2022.

node-fetch forwards secure headers to untrusted sites
Severity: High. CVE-2022-0235 was published for node-fetch (npm) on Jan 21, 2022.

Clearance Gem Open Redirect Vulnerability
Severity: High. CVE-2021-23435 was published for clearance (RubyGems) on Sep 13, 2021.