Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Spring Framework URL Parsing with Host Validation High
CVE-2024-22262 was published for org.springframework:spring-web (Maven) Apr 16, 2024
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi
rdiffweb vulnerable to Open Redirect High
CVE-2022-4720 was published for rdiffweb (pip) Dec 27, 2022
oauth2-server through 3.1.1 vulnerable to Open Redirect High
CVE-2020-26938 was published for oauth2-server (npm) Aug 30, 2022
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11 High
CVE-2022-31193 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Drupal has open redirect vulnerability in the Overlay module High
CVE-2013-6389 was published for drupal/drupal (Composer) May 17, 2022
Rudloff
Drupal Open redirect vulnerability in the drupal_goto function High
CVE-2016-3167 was published for drupal/core (Composer) May 17, 2022
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022
Open redirect in ASP.NET Core High
CVE-2017-11879 was published for Microsoft.AspNetCore.All (NuGet) May 14, 2022
Plone Open Redirection vulnerability via next parameter High
CVE-2013-4200 was published for Plone (pip) May 14, 2022
HTTP Proxy header vulnerability High
CVE-2016-5385 was published for amphp/artax (Composer) Apr 7, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
jviding kurt-r2c
Server-Side Request Forgery and Open Redirect in AllTube Download High
CVE-2022-24739 was published for rudloff/alltube (Composer) Mar 9, 2022
Rudloff
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
DOS and Open Redirect with user input High
CVE-2021-22964 was published for fastify-static (npm) Oct 12, 2021
ProTip! Advisories are also available from the GraphQL API