GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
Keycloak Open Redirect vulnerability
High
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High
GHSA-xffp-6w68-4775
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs
High
GHSA-m5q3-mvcr-gc5m
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection
High
GHSA-25gq-jvx2-vg9x
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Spring Framework URL Parsing with Host Validation
High
CVE-2024-22262
was published
for
org.springframework:spring-web
(Maven)
Apr 16, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
rdiffweb vulnerable to Open Redirect
High
CVE-2022-4720
was published
for
rdiffweb
(pip)
Dec 27, 2022
oauth2-server through 3.1.1 vulnerable to Open Redirect
High
CVE-2020-26938
was published
for
oauth2-server
(npm)
Aug 30, 2022
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
High
CVE-2022-31193
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Drupal has open redirect vulnerability in the Overlay module
High
CVE-2013-6389
was published
for
drupal/drupal
(Composer)
May 17, 2022
Drupal Open redirect vulnerability in the drupal_goto function
High
CVE-2016-3167
was published
for
drupal/core
(Composer)
May 17, 2022
flask-oidc Open Redirect vulnerability
High
CVE-2016-1000001
was published
for
flask-oidc
(pip)
May 17, 2022
Open redirect in ASP.NET Core
High
CVE-2017-11879
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 14, 2022
Plone Open Redirection vulnerability via next parameter
High
CVE-2013-4200
was published
for
Plone
(pip)
May 14, 2022
HTTP Proxy header vulnerability
High
CVE-2016-5385
was published
for
amphp/artax
(Composer)
Apr 7, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
High
CVE-2022-24794
was published
for
express-openid-connect
(npm)
Mar 31, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download
High
CVE-2022-24739
was published
for
rudloff/alltube
(Composer)
Mar 9, 2022
Unsafe handling of user-specified cookies in treq
High
CVE-2022-23607
was published
for
treq
(pip)
Feb 1, 2022
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Open Redirect in OAuth2 Proxy
High
CVE-2020-11053
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
DOS and Open Redirect with user input
High
CVE-2021-22964
was published
for
fastify-static
(npm)
Oct 12, 2021
ProTip!
Advisories are also available from the
GraphQL API