
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,335 advisories

Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow Moderate
CVE-2026-35410 was published for directus (npm) Apr 4, 2026
Credited to POV9en
Directus: Open Redirect in Admin 2FA Setup Page Moderate
CVE-2026-35411 was published for directus (npm) Apr 4, 2026
Credited to ComfortablyCoding, Akokonunes, and neo-ai-engineer
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow Moderate
CVE-2026-34083 was published for signalk-server (npm) Apr 3, 2026
Credited to VashuVats
JupyterHub has an Open Redirect Vulnerability Moderate
CVE-2026-33709 was published for jupyterhub (pip) Apr 3, 2026
Credited to RacerZ-fighting and Fushuling
Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint High
CVE-2026-3872 was published for org.keycloak:keycloak-services (Maven) Apr 2, 2026
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The... Moderate Unreviewed
CVE-2024-58342 was published Apr 1, 2026
n8n: Authenticated XSS and Open Redirect via Form Node Moderate
GHSA-w673-8fjw-457c was published for n8n (npm) Mar 27, 2026
Credited to tCu0n9
Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential Moderate
CVE-2026-33885 was published for statamic/cms (Composer) Mar 26, 2026
Credited to offset
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation Moderate
GHSA-fp4x-ggrf-wmc6 was published for h3 (npm) Mar 23, 2026
Credited to offset
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR Moderate
CVE-2026-33397 was published for @angular/ssr (npm) Mar 19, 2026
Credited to VenkatKwest, alan-agius4, securityMB, josephperrott, and AndrewKushnir
AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php Low
CVE-2026-33296 was published for wwbn/avideo (Composer) Mar 19, 2026
Credited to fg0x0
@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass Moderate
CVE-2026-32235 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
A vulnerability in the web-based management interface of AOS-CX Switches could allow an... Moderate Unreviewed
CVE-2026-23817 was published Mar 11, 2026
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects Moderate
GHSA-vhj5-x93p-67jw was published for actix-web-lab (Rust) Mar 11, 2026
Sylius has an Open Redirect via Referer Header Moderate
CVE-2026-31819 was published for sylius/sylius (Composer) Mar 11, 2026
Credited to bnBart
Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion High
CVE-2026-28512 was published for github.com/pocket-id/pocket-id/backend (Go) Mar 9, 2026
Credited to ByamB4
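Several of the titles above name the same small family of redirect-validation bypasses: a protocol-relative target (`//host`), a single-backslash target (`/\host`) that the WHATWG URL parser used by browsers resolves to a foreign host, a `..;/` segment that a string-prefix allowlist accepts but a downstream server normalizes into a different path, and an absolute `Location` built from the request's `Host` header. The block below is an added, generic illustration of those classes and is not code from any of the listed projects or advisories; `APP_ORIGIN`, `/cb` as the allowlisted prefix, and the `servletNormalize` approximation of `;`-parameter stripping are assumptions made for the example. It contrasts a naive "starts with a single slash" check with a check that resolves the target the way a browser would and compares origin and normalized path.

```javascript
// Added example; not taken from any advisory or project listed above.
// Node's global URL implements the WHATWG URL Standard, i.e. the same resolution
// a browser applies to a Location header, so it is used here as the oracle.

// Assumption: the application's canonical origin, configured, never derived from
// the request. Hypothetical value.
const APP_ORIGIN = 'https://app.example';

// Naive check found in many code bases: "a relative path that is not
// protocol-relative". It never parses the string.
function naiveIsLocal(target) {
  return target.startsWith('/') && !target.startsWith('//');
}

// Origin a browser ends up on after `Location: <target>` served from APP_ORIGIN.
// For special schemes the WHATWG parser treats '\' like '/', so '/\evil.example'
// becomes an authority, not a path.
function browserResolves(target) {
  return new URL(target, APP_ORIGIN).origin;
}

// Approximation (assumption, not any vendor's code) of how Java servlet containers
// canonicalize a path: drop ';param' from each segment, then resolve '.' and '..'.
// Under that rule '/cb/..;/evil' becomes '/evil', escaping a '/cb' prefix that
// a plain string comparison on the raw value would have accepted.
function servletNormalize(pathname) {
  const out = [];
  for (const seg of pathname.split('/')) {
    const s = seg.split(';')[0];
    if (s === '..') out.pop();
    else if (s !== '.' && s !== '') out.push(s);
  }
  return '/' + out.join('/');
}

// Hardened check: resolve the target against the canonical origin, require the
// same origin (this rejects //host, /\host, user@host tricks and non-http schemes,
// whose origin is "null"), then compare the normalized path with the allowlist.
function isSafeRedirect(target, allowedPrefix = '/') {
  let u;
  try {
    u = new URL(target, APP_ORIGIN);
  } catch {
    return false; // unparseable: fail closed
  }
  if (u.origin !== APP_ORIGIN) return false;
  if (u.username || u.password) return false; // no userinfo in a redirect target
  const norm = servletNormalize(u.pathname);
  const dir = allowedPrefix.endsWith('/') ? allowedPrefix : allowedPrefix + '/';
  return norm === allowedPrefix || norm.startsWith(dir);
}

// Host-header poisoning: building an absolute Location from the request's Host
// lets whoever controls the Host header choose the redirect destination.
function naiveAbsoluteLocation(hostHeader, path) {
  return 'https://' + hostHeader + path;
}

// Fix: always build absolute redirects from the configured origin.
function safeAbsoluteLocation(path) {
  return new URL(path, APP_ORIGIN).href;
}

// Constructed sample targets, one per bypass class named in the listing.
const samples = ['//evil.example', '/\\evil.example', '/cb/..;/evil', '/cb/ok'];
for (const t of samples) {
  console.log(
    JSON.stringify(t).padEnd(20),
    'naive:', naiveIsLocal(t),
    'browser->', browserResolves(t),
    'hardened(/cb):', isSafeRedirect(t, '/cb'),
  );
}
```

The same `isSafeRedirect` check applies whether the target arrives as a query parameter, an OAuth `redirect_uri`, or a `Referer` header used for "redirect back" logic; the point is to validate the resolved URL, not the raw string. Percent-encoded dot segments and case differences in the host are handled by the parser, but the `;`-stripping rule is only a model of one server family, so a deployment should mirror whatever its own front end actually does before comparing.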