Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33 advisories

Loading
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
Drupal has open redirect vulnerability in the Overlay module High
CVE-2013-6389 was published for drupal/drupal (Composer) May 17, 2022
Rudloff
rdiffweb vulnerable to Open Redirect High
CVE-2022-4720 was published for rdiffweb (pip) Dec 27, 2022
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal High
CVE-2021-32806 was published for Products.isurlinportal (pip) Aug 5, 2021
Plone Open Redirection vulnerability via next parameter High
CVE-2013-4200 was published for Plone (pip) May 14, 2022
Open redirect via transitional IPv6 addresses on dual-stack networks High
CVE-2021-21392 was published for matrix-synapse (pip) Apr 13, 2021
mscherer
Open Redirect in httpie High
CVE-2019-10751 was published for httpie (pip) Aug 27, 2019
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022
Flask-AppBuilder Open Redirect vulnerability High
CVE-2021-32805 was published for Flask-AppBuilder (pip) Sep 8, 2021
Spring Framework URL Parsing with Host Validation High
CVE-2024-22262 was published for org.springframework:spring-web (Maven) Apr 16, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Drupal Open redirect vulnerability in the drupal_goto function High
CVE-2016-3167 was published for drupal/core (Composer) May 17, 2022
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
HTTP Proxy header vulnerability High
CVE-2016-5385 was published for amphp/artax (Composer) Apr 7, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Clearance Gem Open Redirect Vulnerability High
CVE-2021-23435 was published for clearance (RubyGems) Sep 13, 2021
ProTip! Advisories are also available from the GraphQL API