GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Open Redirect in apostrophe
Moderate
GHSA-h97g-4mx7-5p2p
was published
for
apostrophe
(npm)
Sep 3, 2020
Open Redirect in trailing-slash
Moderate
CVE-2021-23387
was published
for
trailing-slash
(npm)
Jun 8, 2021
URIjs Vulnerable to Hostname spoofing via backslashes in URL
Moderate
CVE-2021-3647
was published
for
urijs
(npm)
Jul 19, 2021
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static
Moderate
CVE-2021-22963
was published
for
fastify-static
(npm)
Oct 5, 2021
DOS and Open Redirect with user input
High
CVE-2021-22964
was published
for
fastify-static
(npm)
Oct 12, 2021
Open Redirect in xdLocalStorage
Moderate
CVE-2020-11611
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Open redirect in @auth0/nextjs-auth0
Moderate
CVE-2021-43812
was published
for
@auth0/nextjs-auth0
(npm)
Dec 16, 2021
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
High
CVE-2022-24794
was published
for
express-openid-connect
(npm)
Mar 31, 2022
URL Confusion When Scheme Not Supplied in medialize/uri.js
Moderate
CVE-2022-1233
was published
for
urijs
(npm)
Apr 5, 2022
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API