Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,062 advisories

Loading
drupal6 version 6.16 has open redirection Moderate Unreviewed
CVE-2010-2471 was published Apr 21, 2022
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open... Moderate Unreviewed
CVE-2022-1019 was published Apr 20, 2022
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior... Moderate Unreviewed
CVE-2022-1254 was published Apr 21, 2022
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository... Moderate Unreviewed
CVE-2022-0645 was published Apr 20, 2022
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG... Moderate Unreviewed
CVE-2020-25154 was published Apr 15, 2022
An open redirect vulnerability in Hubzilla before version 7.2 allows remote attackers to redirect... Moderate Unreviewed
CVE-2022-27256 was published Apr 14, 2022
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated... Moderate Unreviewed
CVE-2022-28215 was published Apr 13, 2022
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.... Moderate Unreviewed
CVE-2022-29912 was published Dec 22, 2022
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. Moderate Unreviewed
CVE-2022-27109 was published Apr 7, 2022
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. Moderate Unreviewed
CVE-2022-27110 was published Apr 7, 2022
Open redirect in wwbn/avideo Moderate
CVE-2022-27463 was published for wwbn/avideo (Composer) Apr 6, 2022
URL Confusion When Scheme Not Supplied in medialize/uri.js Moderate
CVE-2022-1233 was published for urijs (npm) Apr 5, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
jviding kurt-r2c
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote... Moderate Unreviewed
CVE-2022-26950 was published Mar 31, 2022
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate... Moderate Unreviewed
CVE-2022-23798 was published Mar 31, 2022
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect... Moderate Unreviewed
CVE-2022-0283 was published Mar 29, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and... Moderate Unreviewed
CVE-2005-10001 was published Mar 29, 2022
Open Redirect in Flask-AppBuilder Moderate
CVE-2022-24776 was published for Flask-AppBuilder (pip) Mar 25, 2022
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the... Moderate Unreviewed
CVE-2022-27090 was published Mar 23, 2022
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter... High Unreviewed
CVE-2022-0165 was published Mar 15, 2022
Apache Superset Open Redirect vulnerability Moderate
CVE-2022-43721 was published for apache-superset (pip) Jan 16, 2023
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
kurt-r2c
Cross-site Scripting and Open Redirect in plone.app.contenttypes Moderate
GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database